NIST & FIPS Considerations for EMV Tokenization

In this article, we will review some of the constraints of an EMV tokenization solution when it comes to FIPS and more generally, NIST considerations.

Read more

Some of the Technologies Behind Tokenization for Card Transactions and PCI-DSS

The EMV consortium released several standards detailing how “network” tokenization should be handled. There is now a general consensus within the consortium that tokenization could be the next major task for EMV payments.

Read more

What is Banking-Grade Tokenization According to PCI DSS

The concept of a token has been used in the digital world for almost 50 years to separate and protect real data elements from exposure. In recent times, the concept of tokenization has been used as a security mechanism for protecting sensitive data.

Read more

How to Reduce Cryptography-Risks related to PCI DSS

The payment card industry data security standard (PCI DSS) calls for all financial institutions and merchants to protect their clients’ sensitive data, which typically includes the use of strong cryptography as dictated by PCI DSS requirement 3. Most organisations empty this burden on the IT department or IT management teams and hope all their compliance is covered. However, in most cases when there is a data breach, the burden lies on the shoulders of the C-level management, who are left to answer to the difficult questions.

Read more

An Introduction to the Role of HSMs for PCI DSS Compliance

The Payment Card Industry Data Security Standard (PCI DSS) helps to safeguard cardholders’ private information. The Payment Card Industry Security Standards Council (PCI SSC) enforces the standard through recommendations and requirements that aim to ensure security across all organizations involved in the processing of cardholder information.

Read more

Introducing a PCI DSS compliant Key Management System to a Bank

A key management system is a critical component in achieving PCI DSS compliance for a banking institution. It involves implementing a crypto system that manages the secure creation, exchange, distribution, storage and use of cryptographic keys for the ultimate goal of protecting users’ or clients’ sensitive data.

Read more

PCI DSS Compliance Validation

Payment Card Industry Data Security Standard (PCI DSS) is an information security standard to prevent credit card fraud and protect against numerous additional security threats & vulnerabilities.

Read more

An Introduction to PCI DSS

Payment Card Industry Data Security Standard (PCI DSS) is an information security standard to protect against credit card fraud and numerous additional security threats & vulnerabilities. Credit/Debit card providers, such as MasterCard and Visa etc., implement the mechanisms and security controls specified and suggested in PCI DSS.

Read more

Key Management Lifecycles compliant to PCI DSS

This article highlights the NIST key lifecycle recommendations in relation to PCI DSS compliance.

Read more