Maintaining PCI compliance is a vital part of managing your customers’ data and ensuring proper website security. However, it can be daunting to implement processes that meet all PCI DSS requirements. The ATG PCI Encryption Module helps e-commerce businesses stay compliant by addressing the following three requirements:
- Credit card numbers must be encrypted using strong cryptography.
- Encryption keys must be stored securely, must themselves be encrypted, and must have severely restricted access.
- Key changes must be performed periodically.
The ATG PCI Encryption Module satisfies these requirements by using AES 256-bit encryption, a data encryption passphrase, and a key encryption passphrase that is used to encrypt the data encryption passphrase. Additionally, the two passphrases are stored in separate systems on separate servers.
Supported batch encryption actions:
- Encryption of existing plain text data.
- Re-encryption of data that is currently encrypted with another, non-PCI-compliant system.
- Re-encryption of data with a new passphrase-based key, which makes the annual PCI-mandated key rotation a simple matter.
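The two-passphrase arrangement and the rotation action described above can be sketched as follows. This is an added example, not the module's own code: the class and method names, the PBKDF2-HMAC-SHA256 key derivation, the AES-GCM mode, the blob layout and all sample values are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.SecureRandom;
import java.util.Arrays;
import static java.nio.charset.StandardCharsets.UTF_8;

public class TwoPassphraseDemo { // hypothetical name, not the module's API
    static final SecureRandom RNG = new SecureRandom();
    // Assumption: PBKDF2-HMAC-SHA256 turns a passphrase into a 256-bit AES key.
    static SecretKeySpec key(String pass, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pass.toCharArray(), salt, 210_000, 256);
        return new SecretKeySpec(SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded(), "AES");
    }

    // Blob layout (constructed for this demo): salt(16) || iv(12) || ciphertext+tag
    static byte[] seal(String pass, byte[] plain) throws Exception {
        byte[] salt = new byte[16], iv = new byte[12];
        RNG.nextBytes(salt); RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key(pass, salt), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain), out = new byte[28 + ct.length];
        System.arraycopy(salt, 0, out, 0, 16);
        System.arraycopy(iv, 0, out, 16, 12);
        System.arraycopy(ct, 0, out, 28, ct.length);
        return out;
    }
    // Reads salt and IV back from the blob; GCM rejects a wrong passphrase or tampered data.
    static byte[] open(String pass, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key(pass, Arrays.copyOfRange(blob, 0, 16)),
                new GCMParameterSpec(128, blob, 16, 12));
        return c.doFinal(blob, 28, blob.length - 28);
    }

    public static void main(String[] args) throws Exception {
        String kek = "kek-passphrase (system A)";               // constructed sample values
        byte[] wrapped = seal(kek, "data-passphrase-old".getBytes(UTF_8)); // kept on system B
        String oldDek = new String(open(kek, wrapped), UTF_8);
        byte[] row = seal(oldDek, "4111111111111111".getBytes(UTF_8)); // test card number
        // Rotation: decrypt under the old data passphrase, re-encrypt under the new one, re-wrap it.
        String newDek = "data-passphrase-new";
        byte[] rotated = seal(newDek, open(oldDek, row));
        wrapped = seal(kek, newDek.getBytes(UTF_8));
        System.out.println(new String(open(new String(open(kek, wrapped), UTF_8), rotated), UTF_8));
        try { open(oldDek, rotated); }
        catch (javax.crypto.AEADBadTagException e) { System.out.println("old passphrase rejected"); }
    }
}
```

Deriving a key per record keeps the sketch short but is slow over a large batch; deriving once per passphrase and varying only the IV per record is a common alternative.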
If you have any questions, want to report an issue, or leave feedback related to the ATG PCI Encryption Module, please visit the Spark::red ATG PCI Encryption Module GitHub page.