Payment Card Industry Data Security Standard

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard to prevent credit card scams and numerous additional security threats & vulnerabilities.

This article evaluates and compares manual and automated cryptographic key management. It looks at security-related issues as well as organizational and economic aspects.

 Some time ago, I consulted a bank about their cryptography and security processing system, which was painstakingly slow. After one week of trying to find the problem, I looked at the cryptographic subsystem, which used Windows Crypto API and a certified CSP.

EMV chips on payment cards contain cryptographic co-processors and dual interfaces that allow for contact and contactless payment options. When issuing an EMV card, the customer’s information is extracted from the bank or financial institution’s database.

Encryption key management systems are now essential for all companies needing to lockdown data in the cloud, says Matt Landrock, CEO, Cryptomathic Inc.

Cryptography is the foundation of protecting electronic data and cyber security. Encryption can effectively prevent breaches while also protecting both consumer privacy and sensitive data.

Conversations about cryptography are common place in the cyber-security world.  One can find security professionals discussing everything from PKI to issues with RSA. 

This article explains some of the cryptographic key management tasks involved in demonstrating and proving compliance to acceptable standards, and how this process can be simplified by centralization, automation, and adequate preparation.

The Key Management Interoperability Protocol standard intends to provide interoperability across various key management environments and hence to reduce costs and increase efficiency of heterogenious cryptographic applications.