Visa Europe on Data Field Encryption, PCI DSS

This month (March 2010) Visa Europe released a full guidance document on Data Field Encryption: Device and Key Management Guidance.  This relates directly to “end-to-end” encryption, “point-to-point” encryption or “account data” encryption and the process of securing transaction data in transit and in storage.  This has been a critical focus of the payment card community.  A nice article highlighting the benefits of this guidance document and endorsements by major organizations in Europe can be found here.

Simply put though, the guidance provides 71 pages of excellent specific data on what these technologies should be doing at minimum.  This provides operators and auditors with a tool to compare equally the unique solutions being deployed globally, and a common baseline of control safeguards.

The full guidance document may be downloaded here.  A direct link to the PDF is here.

Please note this is focused on Visa Europe.

Thoughts and concerns with this guidance and / or the technology?

James DeLuccia


One response to “Visa Europe on Data Field Encryption, PCI DSS

  1. Found a great web site with PCI resources, tools, info, and vendors. Check out

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s