A Guide to Key Management for PCI Compliance

Organizations that store, process, or transmit cardholder data are subject to the Payment Card Industry (PCI) Data Security Standard (DSS). Central to the PCI standard is the encryption of cardholder data wherever it is located or processed. While the use of encryption is increasing in security-conscious organizations, it still enjoys a reputation as a complex technology and one that's not always readily embraced by IT. This paper examines how an enterprise key management system can facilitate PCI compliance, and further, how it can mitigate the challenges of deploying encryption across the enterprise. The paper goes on to offer guidance for evaluating a key management system. Finally, a summary of how nCipher solutions address specific aspects of the PCI standard are reviewed.