Visa Releases Global Data Encryption Best Practices
Posted October 7th, 2009
Today Visa has announced a new global industry best practices for data field encryption, also known as end-to-end encryption. This new best practices have been designed to advance the efforts of the payment industry to develop a common, open standard. At the same time the new practices is intended to provide guidance to early adopters and encryption vendors.
Card information is protected by data field encryption from the swipe all the way to the acquirer processor. Further there is no need for merchants to process or transmit card data in the “open.”
Visa has already successfully implemented data encryption in India, Thailand and Malaysia as part of national payment security initiatives.
Eduardo Perez, global head of data security, Visa Inc. said: “While no single technology will completely solve for fraud, data field encryption can be an effective security layer to render cardholder data useless to criminals in the event of a merchant data breach.”
“Using encryption as one component of a comprehensive data security program can enhance a merchant’s security by eliminating any clear text data either in storage or in flight.”
Visa has also helped to develop a necessary industry data field encryption standard as the chair of the ANSI X9F6 standards working group.
Avivah Litan, Vice President and Distinguished Analyst, Gartner Inc. said: “Given the interest expressed by merchants and processors, guidance from the card brands is a critical determinant in figuring out how to move ahead with encrypting data in transit, especially absent a global standard.”
“Companies should also be aware that if data is decrypted anywhere in their system, they are still at risk for a data breach.”
The new Visa’s best practices is designed to help organisations limit the risks commonly seen with credit card security. ‘ยข Cleartext availability of cardholder data will be limited to the point of encryption and the point of decryption.
- They can also use key-lengths and cryptographic algorithms consistent with international and/or regional standards.
- Devices used to perform cryptographic operations against physical/logical compromises will be protected better.
- Alternate accounts or transaction identifiers can be used for business processes that require the primary account number for the utilisation after authorisation has taken place.
Perez concluded with the following: “Investing in data field encryption is valuable, but should be understood as a complement rather than a replacement for PCI DSS compliance, which remains the best protection against a data compromise.”
Related posts:
- Australian Charged For Infecting 3,000 PCs And Capturing Credit Card Data
- Australian's Still Dining Out Using Credit Cards Amidst Global Downturn
- MasterCard And VISA Negotiate Credit Regulation With Payments System Board
- Consumers Becoming More Thrifty Amidst The Global Financial Crisis
- Visa See No Sign of Economic Slowdown
Comparison of our Top Credit Card Offers
| Interest Rate (p.a.) | Balance Transfer Rate (p.a.) | Annual Fee | Cash Advance Rate (p.a.) | |||
|---|---|---|---|---|---|---|
Citibank Clear Platinum Card | A low interest rate offer on balance transfers and purchases | 11.99% | 2.9% for 12 months | $99 | 21.74% |   |
St George Vertigo | An introductory offer on balance transfer and a low annual fee | 13.24% | 0.99% for 12 months | $55 | 21.49% | |
Virgin Flyer Credit Card | Earn 1 velocity point per $1 spent, plus an introductory offer on balance transfers | 20.99% | 1.9% for 9 months | $99 | 20.99% | |
Westpac 55 Day Credit Card | No annul fee for the first year with a low rate on balance transfers and purchases | 0% for 5 months (reverts to 19.59% ) | 3.99% for 6 months | $0 | 21.49% | |
ANZ Frequent Flyer | An exclusive bonus points offer, Plus extended warranty, overseas travel and medical insurance,90 day purchase security insurance. | 19.74% | $95 | 20.99% | |
Add a Comment