WAKEFIELD, Mass. — The PCI Security Standards Council here released guidance papers on the use of point-to-point encryption and EMV (chip card) technologies in a payment card data environment.
The papers — “PCI DSS Applicability in an EMV Environment” and “Initial Roadmap: Point-to-Point Encryption Technology and PCI DSS Compliance” — seek to help merchants understand how these technologies will define or reshape the cardholder data environment, as well as how they impact PCI data security standard compliance efforts.
“With this guidance we’re helping [stakeholders] understand how they can better secure their payment card data and how specific technologies may assist them in meeting the requirements of the PCI DSS,” said Troy Leach, chief standards architect, PCI Security Standards Council, in a statement.
“It is important to remember that there is no silver bullet to securing a payment environment,” said Bob Russo, general manager, PCI Security Standards Council. “Implementing one of these technologies will not automatically make you compliant with the PCI DSS. Instead organizations should focus on a layered approach to security. We believe the PCI Security Standards provide a solid foundation for a security standard to look after your payment and other types of data, but security does not start and end with compliance. Focus on good security and compliance will follow.”