PCI Encryption, PCI Compliance, and PCI DSS do not HAVE to be a nightmare.
Want to make this easy? Go to the bottom of the page, and click "Solve The Problem".
Let your customers know that the problem is solved. This will give you more sales, guaranteed.
If you store credit card data with your payment gateway provider (Authorize.net, PayPal, etc.), the SAQ (Self-Assessment Questionnaire) is easy. If you don't store any credit card information on your own server, your life can be much more stress-free and simple. All you have to do then is let your customers know that their credit card data is safe and secure. If you save credit cards on your own server, the SAQ gets more complicated.
The Federal Reserve and other agencies are enacting new rules, which will not take effect until July 1st, 2010, to restrict credit card issuers from controversial practices such as double-cycle billing, interest rate increases, and late fees.
Are PCI encryption and PCI compliance the law? No. Not as of this writing (11-01-2009). While it is not presently a federal law, there are state laws in effect, and others that will go into effect, that make parts of the PCI Data Security Standard (PCI DSS) law. Also, lawmakers and industry trade associations are pushing for federal laws on breach notification and data security in general.
Minnesota has already passed a Plastic Card Security Act, which requires the reimbursement of banks and other money providers if a company is found to have stored CVV codes and other sensitive data that has then been breached. If someone hacks into your data and you have stored these items, you will be responsible. Can you spell "Private Lawsuits"??? This law does not include Level 4 merchants ... YET!
If you really want to risk a BRAIN MELT-DOWN, there is more information on PCI DSS, Secure Payments, and Regulatory Compliance at the Society of Payment Security Professionals.
Want more information? You can get more information, for no charge. Just put in your name and email at the bottom of the page, and click "Solve The Problem".
What are the essential components for PCI Encryption?

The Algorithm must be Secure

Use AES. You can't get into trouble using AES: it is the official encryption algorithm of the US Government, and it is considered secure to the year 2030 and beyond.

What key length to use? If you use AES, it can be 128, 196, or 256. They are all acceptable. The NSA (National Security Agency) has approved AES with a key length of 196 or 256 for TOP SECRET data, and 128 is very secure for PCI Compliance.

How do I generate keys? The simple answer is: randomly. Do not think up keys; they can be guessed. Use a random key generator that draws on lower case, upper case, numbers, and special characters. If the key is long enough, this combination makes cracking the code virtually impossible.
Take the easy way: use a vendor that takes responsibility for PCI Encryption, let your customers know that their credit card data is safe and secure, and avoid a BRAIN MELT-DOWN. Go to the bottom of the page, and click "Solve The Problem".
