PCI DSS
If your business handles credit card information, you're more than likely required to be compliant with the Payment Card Industry Data Security Standard (PCI DSS) regulation.
PCI DSS version 3.2 requirements relate to payment platforms and the protection of payment information and establishes the technical and operational framework needed to protect consumers from data security risks.
With PCI DSS, it is mandatory to mask primary account numbers (PAN). Annual validation is required by an independent PCI Qualified Security Assessor.
The law facilitates consistent measures for data security globally. Merchants and credit card processing companies are obliged to comply as do e-commerce companies, ATM and cash register operators, money transfer companies, and money exchanges.
How can data protection tools help? With PCI DSS, it is mandatory to mask the PAN both in production and in development environments and recommends to protect the rest of the persistent elements in accordance with the local legislature and best practices. Automatic data masking allows you to be proactive with your data protection efforts, and to safeguard other identifiable elements like names, dates, and service codes as well.
There are several persistent data elements that PCI DSS either dictates standards of protection for including:
-
Primary Account Number (PAN)
-
Cardholder Name
-
Expiration Date
-
Service Code
Learn more about privacy laws here.
How Hush-Hush can help with PCI DSS compliance
Any business that handles credit card data always has to stay one step ahead of cybercriminals. Data masking prevents unauthorised access to credit card information by 'masking' sensitive elements, such as the last four digits. Several data masking methods can be used to do this, including unique substitution, shuffling, and format-preserving encryption.
Data masking changes the format of sensitive data in order to protect it, whilst keeping its usefulness for testing and training. It is an essential step for maintaining organization-wide data privacy.