Thursday, December 16, 2010

Credit Card Data Encryption

Credit card data encryption is one of the basics of PCI DSS compliance. Consumers need to know they can trust you. And the time will come when credit card data encryption will be one of the standards they use to measure your worth.
In recent years more and more attention has been directed at the need for increased data security. The general gist of the PCI DSS seems to indicate that merchants should only keep the bare minimum of data on their systems. In other words, only the information specifically required for business, legal, or other such needs should be kept on an internal system. And all that information must be encrypted. And yet studies have shown that many companies are failing to implement proper credit card data encryption measures. Why is this?
It could be due to the costs and confusion associated with credit card data encryption. Proper encryption can require greater resources than normal, including processing, bandwidth, and personnel resources. When companies start calculating the costs associated with these new security measures, many of them seem to think it’s worth a little risk in order to save the money and resources. After all, they might say, sure, some companies have been targeted and breached. But really, do that many companies have a problem? Surely, out of all the companies in the world, a hacker wouldn’t target me.
The unfortunate truth, however, is that hackers will, in fact, target anyone. And while many businesses have trouble spending resources to fend off a possible problem, that is exactly what the PCI DSS requires you to do. Requirement three of the PCI DSS requires you to “Protect stored cardholder data.” Credit card data encryption is critical to this requirement. The idea here is that anyone who happens to bypass any or all of your other security measures will find only illegible gibberish. The only way a criminal can make use of these numbers is if they get hold of the encryption keys as well.
