Overly on Security

By Michael Overly

About this Blog:

The legal side of security.

Read Michael's Bio | See Michael's Posts

PCI Security Standards Council Issues Guides On End-to-End Encryption for Transactions

Posted October 26, 2010 to Data Protection |

If you follow PCI developments at all, you no doubt have heard of the new end-to-end encryption guidance released a couple of weeks ago by the PCI Security Standards Council (available at https://www.pcisecuritystandards.org/pdfs/pci_dss_emv.pdf and https://www.pcisecuritystandards.org/pdfs/pci_ptp_encryption.pdf). The Council observed there are no clear standards for encryption for every step of the transaction process. To assist merchants and others in better complying with the PCI Data Security Standard, the Council has issued this guidance.

Apart from assisting you in your own PCI DSS compliance efforts, this new guidance should be incorporated into your due diligence procedures in assessing the compliance of vendors and business partners with whom you may share cardholder information.

Previous Post: Marketing Associations Launch Self-Regulatory Scheme for Online Data...Next Post: New Standards for Governmental Agencies on Cloud Computing Security

View the discussion thread.

WEBCAST

Transition Confidently to the Cloud

Thanks to cloud computing, your business data is everywhere and being accessed by everyone. Making the wrong decision to protect your data can result in high costs, increased risk and executive exposure. View this live webinar on cloud security and the evolving data center, and learn why a data-centric approach to security is the best bet for today's virtual environment.