Visa Releases Data Field Encryption Guidance standard
Earlier this week Visa, Inc. released a best practice bulletin on data encryption that details five security goals ((paying homage to The Security Catalyst’s “3s and 5s” rule)), and thirteen best practices that companies can implement to meet them. The five goals as listed in the bulletin are: Limit cleartext availability of cardholder data and sensitive authentication data to the point of encryption and the point of decryption. Use robust key management solutions consistent with international and/or regional standards. Use key-lengths and cryptographic algorithms consistent with international and/or regional standards. Protect devices used to perform cryptographic operations against physical/logical compromises. Use an alternate account or transaction identifier for business processes that requires the primary account number to be utilized after ...
Continue Reading