Posted on October 8th, 2009 No comments
Visa’s just-announced best practices are designed to provide guidance and give tacit endorsement to existing end-to-end encryption and, to some extent, tokenization. Merchants are likely to see it as “something else to do” and as further evidence that the card brands will continue to go their own way relative to data security, despite the PCI DSS industry standards.But PCI Columnist David Taylor sees something else interesting here. “For the last 4-5 years, companies have been told that achieving PCI compliance is much easier if they segment their network.
Does Visa’s Encryption Statement Offer A “Tacit Endorsement”?