Print This Article Post Comment Add To Favorites Email to Friends Ezine Ready

The Necessity Of Credit Card Data Encryption

By: Andy Eliason Home | Business


The Payment Card Industry Data Security Standard (PCI DSS) mandates that anyone who stores, processes, or transmits sensitive credit card data must be PCI compliant. In other words, they must conform to a set of standardized security measures.

Credit card data encryption is one of the most essential parts of reaching PCI compliance. Unfortunately, it can also be one of the more difficult procedures to implement since many companies don't understand exactly what credit card data encryption entails, and exactly what measures are considered sufficient.

The third requirement of the PCI DSS states simply: Protect cardholder data. This is a fairly broad requirement, but credit card data encryption is still a critical part of it. The main reason for this rests on the fact that no matter what kind of other security measures you've put up to block intrusions, chances are there's a criminal out there who can find that utterly obscure and inconceivable hole in which to get through.

If your information is properly encrypted, however, all they will find is a string of useless gibberish that will mean nothing to them.

Unless, of course, they've managed to get a hold of your encryption keys.

For that reason, the third requirement of the PCI DSS also deals with the proper ways to store and handle encryption keys. A merchant must protect those keys against disclosure and misuse, which implies a variety of practices that need to be used. These include: restricting access to the keys to as few people as possible and storing the keys in as few places as possible.

You are also required to fully document all key management processes and procedures for keys used for credit card data encryption. This includes a range of practices including: generating strong keys, distributing them through secure means, storing them securely, and periodically changing them.

This is just the beginning, though. A merchant must also make sure to destroy old keys, prevent the unauthorized substitution of keys, replace any keys that are known to be, or even suspected to be compromised, and revoke any old or invalid keys.

All in all, making sure you have proper credit card data encryption can be a time consuming, resource intensive process. And this is all just to encrypt the information stored on your site. We still have the separate problem of encrypting information that is in transit to deal with.

The fourth requirement of the PCI DSS states that you must encrypt transmission of cardholder data across open, public networks. An open network subject to PCI requirements include the Internet, WiFi, global systems of mobile communications, and general packet radio service.

The reason here is also simple. If a criminal cannot get at the records on your system, they may try to intercept any transmission you send. That is why credit card data encryption is just as important in this stage as it is for information on your system.

According to the fourth requirement, in order to fight criminals who might try to intercept, modify, or divert sensitive information, a merchant must use strong cryptographic and security protocols such as SSL (secure sockets layer)/TLS (transport layer security) and IPSEC (Internet protocol security). Transmitting data over wireless networks must also be guarded using WPA or WPA2 technology, IPSEC, VPN, or SSL/TLS. It also warns that you should not rely exclusively on WEP (wired equivalent privacy) to protect your system.

Many merchants have found that proper credit card data encryption is one of the most difficult aspects of the PCI DSS for compliance. As such, many of them are turning to other companies for help and outsourcing their PCI compliance and payment processing needs. This way they can entrust their encryption needs to companies that specialize in it.

But whether outsourced or done in-house, credit card data encryption is about more than just protecting your business. It's about protecting your relationship with your customers. If you want to succeed, your customers have to know that they can trust you.



Article Source: http://www.eArticlesOnline.com

About the Author:
Andy Eliason is a writer for Main10, Inc. If you'd like to learn more about credit card data encryption or outsourcing your payment processing needs, visit Braintree Payment Solutions today.

Tags: , , , , , ,

Please Rate this Article

 

Not yet Rated

Click the XML Icon Above to Receive Business Articles Via RSS!

Recent Related Articles From Business

  • Advice On Credit Card Debt Relief
    By: NFA Center | Mar 12th 2010
    Credit cards should not be used until the time debts are paid off. For credit card debt relief, debt consolidation is the first available option. It is sensible enough to use a cash card and keep the credit card out of the wallet. Read

  • Importance Of Using Business Credit Card

    A number of individuals and corporate entities today are using different types of credit cards. They admitted that they will miss all the advantages that it could offer to them if they do not own even one. Besides some are considering credit cards as a form of survival. One of the most popular types of credit card is the bu ... Read

  • Tips On Credit Card Application

    Different types of credit cards are widely available in the market today. But somehow, it will give you a difficult time to know each type and to find the right one. In this case, it is important that you choose the credit card which gives financial sense to you. And before filing your credit card application from various c ... Read

  • 3 Reasons To Have The Best Credit Card Rate
    By: Stacey Reid | Dec 31st 2008
    Having the best credit card rate on a credit card is a convenience that many people are aiming for. Here are other advantages to being offered good credit card ratings and APR on credit cards. Read

  • 12 Simple Steps To Minimizing Credit Card Fraud
    By: Parker Graham | Jan 8th 2008
    Credit card fraud is an ever increasing epidemic. If you follow these simple steps, you can greatly minimize your risk of credit card fraud. Read

  • Comstar Credit Card Pager
    By: Estella | Apr 28th 2008
    In the modern society today,credit and debit cards are becoming the most popular ways of making payment without worrying about liquid cash. However, in the business world a credit card processing machine is a very important device. Payment transaction is just cleared with a simple swipe of the credit card. A credit card rem ... Read

  • Credit Card Processing: The Contemporary Choice For Trade And Commerce
    By: Rosan Raaz | May 5th 2011
    Do you know what are online merchant services and internet credit card processing? To know in details you must read this article.
     Read

  • Credit Card Counseling Debt Consolidation
    By: Oliver Turner | Sep 25th 2006
    Credit card debt consolidation may take many forms.

    People with good credit score, who have a high level of revolving credit debt, can easily get loan at lower interest rates for credit card debt consolidation.

    People who have less credit but have equity in homes can choose credit card debt con ...     Read

  • Credit Cards In An Instant: Getting An Online Approval For Your Credit Card Application

    Credit cards offer the ultimate ease and convenience in shopping and purchases. With just a swipe, you get to buy even the most lucrative items on the shopping rack. They're the prolific things these days; these miniature cards people use to buy things - from shoes to dresses, to food, to cars and appliances. What makes the ... Read

  • Business Credit Card Offers Galore!

    First things first, there is a reason why there are a lot of business credit card offers around. Basically, the benefit of having a business credit card is that the company be it a large company or a small one is able to keep track of all the expenses its employees make.

    A business credit card is used by ...     Read

eArticlesOnline Authors:


Publishers:


Everyone:

Copyright © 2005-2011 eArticlesOnline, LLC - All Rights Reserved
Terms of Service | Privacy Policy