There is, according to the organization, considerable interest among service providers and merchants in the application of some way to improve the end-to-end encryption of sensitive data of payment card owners. Given this situation, the new document Initial Roadmap: Point-to-Point Encryption Technology and PCI DSS Compliance aims to introduce you to the standardization work in which the PCI Security Standards Council is currently involved.
It is clear from the text issued by the group that the group is attempting to establish an evaluation process for the identification of end-to-end encryption products in the data environment of card owners.
In any case, the PCI Security Standards Council plans to issue another document entitled Validation Requirements for Point-to-Point Encryption that aims to define the requirements and process necessary to effectively validate end-to-end encryption solutions capable of protecting user data. According to Bob Russo, ceo of the standardization body, such a document is expected to be available next year.
The second guide is related to EMV, the most widely used card payment technology in Europe and the United States. It is a global standard that has existed for several years and that allows reducing fraud when the payment is made in person. However, with this system sensitive information is transferred unencrypted, so, as the group explains in the text, EMV does not by itself satisfy all the requirements defined by PCI DSS to protect authentication data and consumer information.
Source: CSO
Authors: Computer Security News
