Greetings folks. My new article entitles “More Strategies for Eliminating Cardholder Data” has now been published on the VeriSign website. This is an expansion of my previous article which primarily relied on Hashing. Based on clarifications from the card associations, hashing is not a silver bullet (do you know of any that are?) and hashed data is still considered cardholder data. The real risk is that rainbow tables can be created if someone knows how the hash is created. Since the keyspace is so small, the rainbow table creation is rapid.

This article expands that and takes a more holistic approach to data elimination and talks about many other strategies. It does not address the culture shift question that someone pointed out to me at an ISSA Meeting in Dallas yesterday, but that is for another time.

This post originally appeared on