How Bloombase helps enterprises achieve Payment Card Industry Data Security Standard (PCI DSS)?
The Payment Card Industry Data Security Standard (PCI DSS) was developed by the major card brands, including Visa, MasterCard, American Express, Discover and JCB, as a common set of requirements to help merchants and transaction processors prevent credit card fraud and protect cardholder data against cracking and other security threats.
Any company that processes, stores or transmits payment card data must be PCI DSS compliant; otherwise it risks losing its ability to accept credit card payments, as well as audits and fines.
Version 1.1 of PCI DSS sets out 12 requirements that merchants and card processors must comply with. Among them, the Primary Account Number (PAN) must be protected wherever it is stored and transmitted; the relevant requirements are quoted below.
Requirement 3 - Protect Stored Cardholder Data
3.4 Render PAN, at minimum, unreadable anywhere it is stored (including data on portable digital media, backup media, in logs, and data received from or stored by wireless networks) by using any of the following approaches:
• Strong one-way hash functions (hashed indexes)
• Index tokens and pads (pads must be securely stored)
• Strong cryptography with associated key management processes and procedures.
The MINIMUM account information that must be rendered unreadable is the PAN.
3.5 Protect encryption keys used for encryption of cardholder data against both disclosure and misuse.
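As an added illustration of two of the Requirement 3.4 approaches (hashed index and strong cryptography) and of the key-separation point behind 3.5, the Go program below is example code written for this page, not Bloombase's or Spitfire's own implementation. It stores a PAN as an HMAC-SHA256 hashed index (for lookup) plus an AES-256-GCM ciphertext (for recovery), and shows the masked form used for display. The sample PAN and the in-memory keys are constructed for the example; in a deployment the data-encryption key and the index key would be held in an HSM or key-management system, never alongside the data. The "index tokens and pads" approach is not shown.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
	"strings"
)

// hashedIndex implements the "strong one-way hash (hashed index)" approach
// as a keyed hash. An unkeyed SHA-256 of a PAN is brute-forceable because
// the PAN space is small and structured (known BIN prefixes, Luhn digit),
// so the index key must be protected like an encryption key (Req. 3.5).
func hashedIndex(indexKey []byte, pan string) string {
	mac := hmac.New(sha256.New, indexKey)
	mac.Write([]byte(pan))
	return hex.EncodeToString(mac.Sum(nil))
}

// encryptPAN implements the "strong cryptography" approach with AES-256-GCM.
// dek is a 32-byte data-encryption key; the returned blob is
// nonce || ciphertext || authentication tag. A fresh random nonce per call
// means two encryptions of the same PAN produce different blobs.
func encryptPAN(dek []byte, pan string) ([]byte, error) {
	gcm, err := newGCM(dek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, []byte(pan), nil), nil
}

// decryptPAN reverses encryptPAN; it fails on a wrong key or a tampered blob.
func decryptPAN(dek, blob []byte) (string, error) {
	gcm, err := newGCM(dek)
	if err != nil {
		return "", err
	}
	if len(blob) < gcm.NonceSize() {
		return "", errors.New("ciphertext too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	pt, err := gcm.Open(nil, nonce, ct, nil)
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

func newGCM(dek []byte) (cipher.AEAD, error) {
	if len(dek) != 32 {
		return nil, errors.New("data-encryption key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(dek)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// maskPAN keeps at most the first six and last four digits for display.
func maskPAN(pan string) string {
	if len(pan) <= 10 {
		return strings.Repeat("*", len(pan))
	}
	return pan[:6] + strings.Repeat("*", len(pan)-10) + pan[len(pan)-4:]
}

func main() {
	// Keys would come from an HSM or key-management service in production;
	// random in-memory keys here keep the example self-contained.
	dek, indexKey := make([]byte, 32), make([]byte, 32)
	for _, k := range [][]byte{dek, indexKey} {
		if _, err := io.ReadFull(rand.Reader, k); err != nil {
			panic(err)
		}
	}
	pan := "4111111111111111" // constructed sample (a well-known Luhn-valid test PAN)
	blob, err := encryptPAN(dek, pan)
	if err != nil {
		panic(err)
	}
	// What the database row holds: no plaintext PAN anywhere.
	fmt.Println("display:", maskPAN(pan))
	fmt.Println("index:  ", hashedIndex(indexKey, pan))
	fmt.Println("stored: ", hex.EncodeToString(blob))
	back, err := decryptPAN(dek, blob)
	fmt.Println("decrypt:", back, err)
}
```

The stored row carries only the hashed index and the blob; the plaintext PAN exists only transiently in the process that holds the keys. Using two distinct keys (one for the index, one for encryption) means a compromise of the lookup key does not expose ciphertexts, and GCM's authentication tag makes any edit of a stored blob fail at decryption rather than yield a corrupted PAN.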
Requirement 4 - Encrypt transmission of cardholder data across open, public networks
4.1 Use strong cryptography and security protocols such as secure sockets layer (SSL) / transport layer security (TLS) and Internet protocol security (IPSEC) to safeguard sensitive cardholder data during transmission over open, public networks.
Bloombase created the Spitfire security platform to address the PCI DSS requirements above and protect the privacy of cardholder data. Spitfire security servers hold encryption and digital-signing keys inside a hardware security module (HSM), protecting them from disclosure and duplication as Requirement 3.5 demands. Spitfire servers encrypt data with NIST-certified AES, 3DES and DES implementations and create digital signatures to assure data integrity, using international standards including Public Key Infrastructure (PKI), X.509 digital certificates and W3C XML Signature. Of those algorithms, only AES and (at least double-length-key) 3DES are listed as strong cryptography in the PCI DSS glossary; single DES should not be chosen when the aim is to satisfy Requirement 3.4.