Visa published a set of best practices this week for end-to-end encryption in the payment card industry as work on global standards continues.

Visa released a document this week with best practices for end-to-end encryption in a bid to help early adopters and encryption vendors while industry standards are being developed.
The document, available here, is meant to give organizations something to think about as they evaluate or deploy data field encryption. Essentially a stopgap until the American National Standards Institute develops guidelines for the payment card industry, the document provides best practices in five main areas:

1. Limiting cleartext availability of cardholder data and sensitive authentication data to the point of encryption and the point of decryption.
2. Using robust key management solutions consistent with international and/or regional standards.
3. Using key lengths and cryptographic algorithms consistent with international and/or regional standards.
4. Protecting devices used to perform cryptographic operations against physical/logical compromises.
5. Using an alternate account or transaction identifier for business processes that require the primary account number to be utilized after authorization, such as processing of recurring payments, customer loyalty programs or fraud management.
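To make the first, third and fifth practices concrete, here is a small Go program added for illustration; it is not Visa's code and does not come from the best-practices document. It encrypts a primary account number (PAN) with AES-256-GCM at a single point of encryption, keeps only ciphertext in a vault, and hands downstream processes a random surrogate identifier that has no relation to the PAN, so recurring billing, loyalty or fraud systems never hold cleartext. The names (Vault, Tokenize, Detokenize, the "cardholder.pan" associated-data label) and the 4111111111111111 test card number are constructed for the example; a real deployment would keep the key in an HSM or key-management system and put Detokenize behind strict access control.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

const panAAD = "cardholder.pan" // associated data: binds a ciphertext to the field it protects

// Luhn rejects malformed card numbers before they reach the cipher.
func Luhn(s string) bool {
	sum := 0
	for i, n := len(s)-1, 0; i >= 0; i, n = i-1, n+1 {
		d := int(s[i] - '0')
		if d > 9 { // non-digit (byte arithmetic wraps below '0' to a large value)
			return false
		}
		if n%2 == 1 { // every second digit from the right is doubled, then digit-summed
			d = d*2%10 + d*2/10
		}
		sum += d
	}
	return len(s) >= 12 && sum%10 == 0
}

// Vault is the only component that sees cleartext: it encrypts at capture, stores ciphertext, issues surrogates.
type Vault struct {
	aead    cipher.AEAD
	byToken map[string][]byte
}

// NewVault accepts only a 32-byte key (AES-256); in production the key lives in an HSM or key-management system.
func NewVault(key []byte) (*Vault, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(key) != 32 { // AES-128/192 keys are rejected on purpose
		return nil, errors.New("key must be exactly 32 bytes")
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for AES's 128-bit block size
	return &Vault{aead: aead, byToken: map[string][]byte{}}, nil
}

// Encrypt is the point of encryption: AES-256-GCM, fresh random nonce, output nonce||ciphertext||tag.
func (v *Vault) Encrypt(pan string) ([]byte, error) {
	nonce := make([]byte, v.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return v.aead.Seal(nonce, nonce, []byte(pan), []byte(panAAD)), nil
}

// Decrypt is the point of decryption: a tampered blob or wrong key fails authentication and yields no plaintext.
func (v *Vault) Decrypt(blob []byte) (string, error) {
	ns := v.aead.NonceSize()
	if len(blob) < ns+v.aead.Overhead() {
		return "", errors.New("ciphertext too short")
	}
	pt, err := v.aead.Open(nil, blob[:ns], blob[ns:], []byte(panAAD))
	if err != nil {
		return "", errors.New("authentication failed: tampered data or wrong key")
	}
	return string(pt), nil
}

// Tokenize stores the encrypted PAN and returns a random surrogate with no relation to it; downstream systems hold only the surrogate.
func (v *Vault) Tokenize(pan string) (string, error) {
	if !Luhn(pan) {
		return "", errors.New("not a valid PAN")
	}
	blob, err := v.Encrypt(pan)
	if err != nil {
		return "", err
	}
	raw := make([]byte, 16) // 128 random bits: collisions are not a practical concern
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	tok := hex.EncodeToString(raw)
	v.byToken[tok] = blob
	return tok, nil
}

// Detokenize is the only path back to cleartext and belongs behind strict access control.
func (v *Vault) Detokenize(tok string) (string, error) {
	blob, ok := v.byToken[tok]
	if !ok {
		return "", errors.New("unknown token")
	}
	return v.Decrypt(blob)
}

func main() {
	key := make([]byte, 32) // demo key only; see NewVault
	rand.Read(key)
	v, _ := NewVault(key)
	tok, _ := v.Tokenize("4111111111111111") // constructed test card number
	pan, _ := v.Detokenize(tok)
	fmt.Println("surrogate:", tok, "| cleartext only at the point of decryption:", pan)
}
```

The surrogate is hexadecimal rather than a 16-digit number, so it can never be mistaken for a live card number; systems that require a digit-only field would need a format-preserving variant, which is a separate design decision. Because GCM authenticates the ciphertext and the associated data, a record that has been altered in storage or moved into another field fails outright instead of decrypting to garbage.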
"While no single technology will completely solve fraud, data field encryption can be an effective security layer to render cardholder data useless to criminals in the event of a merchant data breach," said Eduardo Perez, global head of data security at Visa, in a statement. "Using encryption as one component of a comprehensive data security program can enhance a merchant's security by eliminating any clear text data either in storage or in flight."
Perez added that while investing in data field encryption is valuable, it is only a complement to compliance with the Payment Card Industry Data Security Standard, not a replacement. Still, there has been an increase in calls for encryption as a means to better security, particularly as data breaches at prominent companies have become common items in news reports. Following the breach at Heartland Payment Systems, for example, the company began pushing for industry-wide adoption of end-to-end encryption.
"Given the interest expressed by merchants and processors, guidance from the card brands is a critical determinant in figuring out how to move ahead with encrypting data in transit, especially absent a global standard," said Avivah Litan, an analyst at Gartner, in a statement. "Companies should also be aware that if data is decrypted anywhere in their system, they are still at risk for a data breach."