PCI encryption: PCI Council calls point-to-point encryption immature

The PCI council clarifies its position on point-to-point encryption recommendations:

The PCI Security Standards Council (PCI SSC) issued its first guidance document outlining the point-to-point encryption market, warning merchants of the possibility of vendor lock-in and calling current implementations too immature to properly evaluate.

In the PCI encryption document, Initial Roadmap: Point-to-Point Encryption Technology and PCI DSS Compliance, the council explains how the latest encryption technologies can simplify the validation process by encrypting cardholder data at the time it enters a payment system and transport it safely and securely to payment processors, where it is decrypted.

“There are a lot of these so-called end-to-end encryption solutions cropping up all over the place and it could create a lot of confusion among merchants,” said Bob Russo, general manager of the PCI DSS Council. “This is by no means an endorsement of the technology; it’s just an early document to set the stage for more information to come.”

via PCI encryption: PCI Council calls point-to-point encryption immature.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s