Sunday, October 25, 2009

How to Encrypt Credit Card Data the Visa Way

Visa has released a best practices for data encryption to keep cardholder data safe. It should be used along with the existing PCI DSS security standards. If your not going to be using tokenized payments this will help you encrypt sensitive cardholder data in an industry approved fashion.

Visa's best practices are designed to help organizations:

  • Limit cleartext availability of cardholder data and sensitive authentication data to the point of encryption and the point of decryption.
  • Use robust key management solutions consistent with international and/or regional standards.
  • Use key-lengths and cryptographic algorithms consistent with international and/or regional standards.
  • Protect devices used to perform cryptographic operations against physical/logical compromises.
  • Use an alternate account or transaction identifier for business processes that requires the primary account number to be utilized after authorization, such as processing of recurring payments, customer loyalty programs or fraud management.

Read the entire press release here.

No comments: