PCI Council updates encryption standards

A key update to the PCI standard has been issued by the PCI standards body, the Payment Card Industry Security Standards Council (PCI SSC).

The council has formally issued the Point-to-Point Encryption Solution Requirements (P2PE) and Testing Procedures version 2.0, which contains a vital revision to a key encryption standard. The update is intended to make it easier to implement P2PE solutions that make payment card data less valuable if obtained by criminals.

“A point-to-point encryption (P2PE) solution cryptographically protects account data from the point where a merchant accepts the payment card to the secure point of decryption,” the council said, according to DarkMatters.

“By using P2PE, account data (cardholder data and sensitive authentication data) is unreadable until it reaches the secure decryption environment, which makes it less valuable if the data is stolen in a breach,” continued the council.

The PCI Security Standards Council is an industry-wide governing body founded by members including American Express, Discover Financial Services, JCB International, MasterCard, and Visa.

“Malware that captures and steals data at the point-of-sale continues to threaten businesses and their ability to protect consumers’ payment information. As these attacks become more sophisticated, it’s critical to find ways to devalue payment card data,” PCI Security Standards Council Chief Technology Officer Troy Leach told Finextra.

As We Live Security reported recently, compliance with PCI is not always as easy as it might seem – a recent survey found that 80 percent of global merchants including retailers, financial institutions and hospitality firms had failed interim tests to demonstrate they are in compliance with card data security standards.

Author , ESET

Copyright © 2016 ESET, All Rights Reserved.