PCI DSS Compliance – What You Need to Know
22/03/2019

What is Payment Card Industry Compliance?

Online credit card use has grown rapidly over the past couple of years and, as with every advance in technology, fraud techniques have developed alongside it. To prevent attacks on, and breaches of, the personal and sensitive data used during credit card transactions, the Payment Card Industry introduced compliance standards and requirements.

The Payment Card Industry Data Security Standard (PCI DSS) applies to companies that accept credit card payments no matter their size or volume of transactions.

Focal Points

There are a lot of bases to cover when it comes to Payment Card Industry Compliance. Today, we chose a few focal points to give you a bit more information on and hopefully stimulate your interest in reading more about the subject at hand. Here you have it.

Stored data

Requirement 3 of the Payment Card Industry’s Data Security Standard (PCI DSS) is to “protect stored cardholder data.” Before delving into the specifics of what that means, it is essential to understand that not all businesses need to store cardholder data at all. Merchants who do not have to store any cardholder data are immediately in an advantageous position: they provide stronger protection simply by not giving fraudsters another possible target. If you do have to store data, though, this guide gives you a complete breakdown of the best practices for storing it.


Encryption

Point-to-point encryption protects payment card information from the point of initial contact, for example when the card is read by a card payment terminal, until the data arrives at the secure decryption endpoint. Encryption as a concept is the process of converting the payment card information into a form that cannot be read without the corresponding decryption key.

A point-to-point encryption (P2PE) solution is supplied by a third party and is a combination of secure devices, applications and processes that encrypt data from the first point of contact (for example, at the point of swipe or dip) until the data reaches the solution provider’s secure decryption environment.

A point-to-point encryption (P2PE) solution must include all of the following:

  • Secure encryption of payment card data at the point-of-interaction (POI)
  • P2PE-validated application(s) at the point-of-interaction
  • Secure management of encryption and decryption devices
  • Management of the decryption environment and all decrypted account data

  • Use of secure encryption methodologies and cryptographic key operations, including key generation, distribution, loading/injection, administration and usage
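The point-to-point flow described above, as an added Go example that is not part of this post or of any P2PE solution provider's code: the terminal encrypts the account data, everything in between handles only an opaque blob, and only the decryption environment can recover it or detect that it was altered. AES-256-GCM, the function names and the binding of a terminal ID as associated data are assumptions of this example; the key and card number used with it are constructed test values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// newGCM builds an AES-GCM AEAD; AES-256-GCM is this example's assumption, not a cipher the page prescribes.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptAtPOI models the point of interaction: the terminal seals account data under a key
// only the decryption environment also holds; the terminal ID is bound as associated data.
func EncryptAtPOI(pan, terminalID string, key []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// nonce || ciphertext || tag is all the merchant's systems and network ever see.
	return gcm.Seal(nonce, nonce, []byte(pan), []byte(terminalID)), nil
}

// DecryptAtProvider models the solution provider's decryption environment, the only place the key
// lives. A tampered blob, wrong key or mismatched terminal ID fails the tag check: nothing is released.
func DecryptAtProvider(blob []byte, terminalID string, key []byte) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	if len(blob) < gcm.NonceSize() {
		return "", errors.New("blob too short to contain a nonce")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	pan, err := gcm.Open(nil, nonce, ct, []byte(terminalID))
	if err != nil {
		return "", err
	}
	return string(pan), nil
}
```

A merchant system that stores the blob has stored nothing usable, which is the practical reason a validated P2PE solution reduces the scope of Requirement 3.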