PCI DSS

If your business handles credit card information, you're more than likely required to be compliant with the Payment Card Industry Data Security Standard (PCI DSS) regulation.

 

PCI DSS version 3.2 requirements relate to payment platforms and the protection of payment information and establishes the technical and operational framework needed to protect consumers from data security risks.

With PCI DSS, it is mandatory to mask primary account numbers (PAN). Annual validation is required by an independent PCI Qualified Security Assessor.

 

The law facilitates consistent measures for data security globally. Merchants and credit card processing companies are obliged to comply as do e-commerce companies, ATM and cash register operators, money transfer companies, and money exchanges.

How can data protection tools help? With PCI DSS, it is mandatory to mask the PAN both in production and in development environments and recommends to protect the rest of the persistent elements in accordance with the local legislature and best practices. Automatic data masking allows you to be proactive with your data protection efforts, and to safeguard other identifiable elements like names, dates, and service codes as well.

 

There are several persistent data elements that PCI DSS either dictates standards of protection for including:

• Primary Account Number (PAN)

• Cardholder Name

• Expiration Date

• Service Code

Learn more about privacy laws here.