The PCI council clarifies its position on point-to-point encryption recommendations:
The PCI Security Standards Council (PCI SSC) issued its first guidance document outlining the point-to-point encryption market, warning merchants of the possibility of vendor lock-in and calling current implementations too immature to properly evaluate.
In the PCI encryption document, Initial Roadmap: Point-to-Point Encryption Technology and PCI DSS Compliance, the council explains how the latest encryption technologies can simplify the validation process by encrypting cardholder data at the time it enters a payment system and transport it safely and securely to payment processors, where it is decrypted.
“There are a lot of these so-called end-to-end encryption solutions cropping up all over the place and it could create a lot of confusion among merchants,” said Bob Russo, general manager of the PCI DSS Council. “This is by no means an endorsement of the technology; it’s just an early document to set the stage for more information to come.”