The Payment Card Industry (PCI) Data Security Standard (DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures. The problem is that the guidance provided is not always clear. This is especially true when it comes to secure storage of credit card information. The gap between recommended technologies and how to employ them leaves a lot of room for failure. This white paper examines the technologies and deployment models appropriate for both security and compliance, and provides actionable advice on how to comply with the PCI-DSS specification.

You can participate by leaving comments, recommendations or critiques in the comment fields below.

As always, we research and write the content, and sponsors decide to participate (or not) only after the content has been made publicly available on the blog. We would like to thank Prime Factors, Inc. for their sponsorship of this paper.

Data Encryption 101: A Pragmatic Approach to PCI Compliance (PDF)

(Version 1.0, September 2010)