End-to-End Encryption Security Requirements
The Secure POS Vendors Alliance commissioned the End-to-End Security work group to provide clear guidelines on the application of encryption technology to payment card data used for retail financial transactions. These guidelines are meant to promote good information security practices and provide merchants with a clear understanding of what POS equipment encryption features should provide to reduce their information security risks related to payment account data; and as a subsequent benefit reduce their burden of compliance with Payment Card Industry Data Security Standards. This paper addresses encrypting payment card data in tamper resistant security modules. This paper does not address payment account Issuer standards or technologies. It does not address card, cardholder, or account verification and authorization schemes. It does not address transport layer or communications channel security.