Data Encryption 101: A Pragmatic Approach to PCI Compliance
The Payment Card Industry Data Security Standard (PCI-DSS) is a set of requirements for securing credit card numbers, but the specification serves more as general technical guidance than an operational checklist. The requirements are fairly general, telling you what you need to do but not how to do it. In some cases, such as network security, this isn’t a problem. For securing “data at rest”, it’s a big problem. It’s not like we can point a merchant to the PCI specification and say “Do that.” There are questions about which security technologies are really appropriate for credit card storage and, even more importantly, which implementation options merchants should employ. Our goal is to fill in the gaps with actionable advice for PCI compliance in the area of encrypted data storage, and to provide specific recommendations for day-to-day credit card storage and management.