PCIDSS.COM - PCI DSS Security Solutions Directory

Category: PCI DSS Requirement 3

Protect Stored Account Data

 Account data protection relies heavily on safeguards like encryption, truncation, masking, and hashing (one-way encryption). Without the appropriate cryptographic keys, encrypted account data can’t be read or used by an attacker who subverts other security measures and successfully gains access to it, typically with malicious intent. As potential risk-mitigation opportunities, additional efficient methods of protecting stored data should also be taken into consideration. Examples of further risk mitigation include: avoiding sending unprotected Primary Account Numbers (PANs) via end-user messaging technologies like e-mail and instant messaging, and truncating cardholder data if a full PAN is not required.

Encrypting account data is not necessary if it is stored in non-persistent memory, such as RAM or volatile memory. To keep memory in a non-persistent state, however, proper controls must be in place as access to these critical systems may allow attackers to dump the contents of memory potentially containing cleartext sensitive cardholder data. When the business purpose (for example, the associated transaction) has concluded, sensitive data should be removed from volatile memory.

All applicable PCI DSS Requirements, including encryption of stored data, will apply if data storage becomes persistent. i.e. stored at rest.

Reduced
PCI Solution Provider

DataDivider

DataDivider’s SaaS (Software as a Service) solution affords businesses the unique opportunity to minimize their exposure when handling privacy data…

Read More

Rating
0 / 5
Views
1573
Compare Add to favorites
PCI Solution Provider

PCI DSS Consulting and Card Discovery tool

Whitehats Cybertech Pvt Ltd, upon understanding the need of the PCI DSS compliance requirement have built a tool for card…

Read More

Rating
0 / 5
Views
1002
PCI Solution Provider

Gemalto

Gemalto Payment HSM supports cloud tokenization requirements for secure mobile payment transactions and digitization of credit card credentials

Read More

PCI Solution Provider

Thales

Products and services from Thales e-Security can help you implement effective, high assurance tokenization solutions to protect customer information, reduce…

Read More

PCI Solution Provider

Safenet

SafeNet Tokenization Manager receives the cardholder data right after its initial entry point, encrypts it, stores it in the Token…

Read More

Location
4690 Millennium DriveBelcamp, MD 21017
Rating
0 / 5
Views
2135
PCI Solution Provider

HP

HPE Security? Data Security delivers the SST Solution running on HPE NonStop servers, the platform of choice for payments processing…

Read More

PCI Solution Provider

Voltage

Voltage Secure Stateless Tokenization represents a paradigm shift in tokenization. It provides service at a higher performance and with greater…

Read More

PCI Solution Provider

Futurex

Organizations of all industries are responsible for storing a vast amount of sensitive data. By implementing the tokenization technology within…

Read More

Location
864 Old Boerne Road , Bulverde, Texas 78163 USA
Rating
0 / 5
Views
1835
PCI Solution Provider

DESlock

DESlock+ is a simple-to-use encryption application for companies large and small. Take advantage of the optimized setup that speeds up…

Read More

PCI Solution Provider

PGP

As of June 2010, PGP Corp was acquired by Symantec. Now PGP is available only from Symantec. Pretty Good Privacy…

Read More