PCI Security Standards Council announces first PCI point-to-point encryption release

PCI Security Standards Council announces first PCI point-to-point encryption release

The PCI Security Standards Council recently made available the first set of validation requirements for its point-to-point data security encryption program. The newly adopted standards emphasize hardware-based solutions and support optional scope reduction initiatives in a safe Payment Card Industry Data Security Standard compliant structure.

The new document was written for vendors, assessors and solution providers who participate in the development, implementation or assessment of products. The document also defines requirements for appropriate point-to-point encryption solutions intended to reduce the scope of the PCI DSS assessment for merchants.

The PCI SSC is a global, open standards group that manages PCI DSS, PIN Transaction Security requirements and the Payment Application Data Security Standard. The PCI Point-to-Point Encryption Solution Requirements document provides guidance to merchants, vendors and assessors who want to construct and deploy hardware-based point-to-point encryption systems that are PCI DSS compliant while offering scope reduction for merchants.

The announcement comes on the heels of a data security summit that found that security measures produce positive results. The InfraGard Cyber-Defense Summit featured experts who shared information about nascent information security threats facing organizations and detailed strategies on how to protect against data security breaches.