Last week was the first PCI Board of Advisors meeting for the recently elected board set to serve through June 2013. While it was a very productive session, I will not be able to blog about much of the meeting. It’s that way by design (rightfully so). At some point, I’ll have a few additional guidelines to work within, but ultimately I signed an NDA as did my company, and I plan on honoring the terms of that NDA regardless of my thoughts about it.

Just to clarify, I plan to honor the terms in the NDA that I signed, or live by the consequences if I don’t.


But that’s not what this post is about. I’ve been an advocate of data devaluation and destruction for as long as I have been helping companies comply with PCI DSS. This goes beyond encryption; I’m talking about operating your business with a reduced data set that is not valuable to an external third party. Anyone worth their salt who deals with PCI DSS knows techniques to accomplish this and has, at one point or another, ventured down this path with management.

What I want to highlight today is a document from Visa that I somehow missed after it was published. It’s entitled: “Visa Best Practices for Primary Account Number Storage and Truncation,” and has a base set of recommendations broken into five different domains. If you are looking for a quick and dirty guide on how to work with internal stakeholders and third parties, this list is a great start. Go check it out!

This post originally appeared on
