Security Basics mailing list archives

Re: PCI Question


From: daniel svartman <danielsvartman () gmail com>
Date: Thu, 20 Jan 2011 10:10:02 -0300

Hi Michele,
Regarding the BIN, the PCI DSS specifies that the first 6 digits
(BIN) can be stored without encryption. Therefore, if you have truncated
it or hashed it, it is OK as it is. Secondly, additional controls means the
security measures applied to the hashing solution you are using and
the data stores. I.e.: if the hashing encryption is supported by PCI,
who can access the solution or the source code to hash, etc.


Hope this helps.

Regards,

Daniel

On Wednesday, January 19, 2011,  <targaz () cox net> wrote:
I'm waiting for some clarification from the PCI SSC, so in the meantime I thought I'd send out the question to the 
group and get some additional thoughts;

There is a note in section 3.4 that states if you have a hashed and truncated version of the PAN in the same 
environment you must implement additional controls.

We have a hashed version of the PAN in our database and also the BIN in a separate column.  First question would be 
if the BIN qualifies as a truncated version.  (I think technically it would).  And second question;   what would 
constitute 'additional' controls?

Thanks,
Michele
