Category: PCI DSS Requirement 3
Protect Stored Account Data
Account data protection relies heavily on safeguards such as encryption, truncation, masking, and hashing (one-way encryption). If an attacker subverts other security measures and gains access to encrypted account data, the data cannot be read or used without the appropriate cryptographic keys. Other effective methods of protecting stored data should also be considered as potential risk-mitigation opportunities. Examples of further risk mitigation include avoiding sending unprotected Primary Account Numbers (PANs) via end-user messaging technologies such as e-mail and instant messaging, and truncating cardholder data if a full PAN is not required.
Encrypting account data is not necessary if it is stored in non-persistent memory, such as RAM or volatile memory. To keep memory in a non-persistent state, however, proper controls must be in place, because access to these critical systems may allow attackers to dump memory contents that potentially contain cleartext sensitive cardholder data. When the business purpose (for example, the associated transaction) has concluded, sensitive data should be removed from volatile memory.
If data storage becomes persistent, i.e. the data is stored at rest, all applicable PCI DSS requirements, including encryption of stored data, will apply.
DataDivider
DataDivider’s SaaS (Software as a Service) solution affords businesses the unique opportunity to minimize their exposure when handling privacy data…
- Views: 2155
PCI DSS Consulting and Card Discovery tool
Whitehats Cybertech Pvt Ltd, upon understanding the need of the PCI DSS compliance requirement, has built a tool for card…
- Views: 1264
Gemalto
Gemalto Payment HSM supports cloud tokenization requirements for secure mobile payment transactions and digitization of credit card credentials
- Location: Gemalto, 6, rue de la Verrerie - CS20001 92197 Meudon Cedex France
- Views: 2805
Thales
Products and services from Thales e-Security can help you implement effective, high assurance tokenization solutions to protect customer information, reduce…
- Location: 900 South Pine Island Road, Suite 710, Plantation, Florida, 33324
- Views: 2200
Safenet
SafeNet Tokenization Manager receives the cardholder data right after its initial entry point, encrypts it, stores it in the Token…
- Location: 4690 Millennium Drive, Belcamp, MD 21017
- Views: 2406
HP
HPE Security - Data Security delivers the SST Solution running on HPE NonStop servers, the platform of choice for payments processing…
- Location: Hewlett Packard Enterprise Investor Relations, 3000 Hanover Street, Palo Alto, CA 94304, United States
- Views: 3242
Voltage
Voltage Secure Stateless Tokenization represents a paradigm shift in tokenization. It provides service at a higher performance and with greater…
- Location: HPE Security - Data Security, Europe, 8 Lincoln's Inn Fields, London, United Kingdom, WC2A 3BP
- Views: 3087
Futurex
Organizations of all industries are responsible for storing a vast amount of sensitive data. By implementing the tokenization technology within…
- Location: 864 Old Boerne Road, Bulverde, Texas 78163 USA
- Views: 2088
DESlock
DESlock+ is a simple-to-use encryption application for companies large and small. Take advantage of the optimized setup that speeds up…
- Location: DESlock Limited, 3 Heron Gate Office Park, Hankridge Way, Taunton, UK TA1 2LR
- Views: 2196
PGP
As of June 2010, PGP Corp was acquired by Symantec. Now PGP is available only from Symantec. Pretty Good Privacy…
- Location: Symantec Corporation World Headquarters, 350 Ellis Street, Mountain View, CA 94043, United States
- Views: 3686