Chapter 6. Protecting Cardholder Data
The Payment Card Industry Data Security Standard (PCI DSS) was created to decrease the risk of electronic card transactions by mandating security controls at merchants and service providers, so protecting the data is clearly one of the key goals of the standard. Most of the 12 requirements cover data protection at least indirectly. We can even say “it is all about the card data”; however, two requirements apply specifically to protecting card data that is stored (“data at rest”) or transmitted (“data in motion”) in your environment. This chapter covers these narrow data security requirements, which mostly concern encryption and avoiding the storage of data.