In an effort to communicate the vital role that standards play in daily life, the American National Standards Institute
(ANSI) publishes a series of snapshots of the diverse standards initiatives undertaken in the global and national standards arena, many of which are performed by ANSI members and ANSI-accredited standards developers. Two of the latest selections follow: Protecting Credit Card Data
The U.S. Department of Commerce's Census Bureau
estimates that in 2012 there were more than 1,167 billion credit cards and 530 billion debit cards in circulation in the United States, resulting in more than $2,378 billion in credit card sales and $52,620 billion in debit card sales. Protecting the security of these transactions and associated cardholder data is an enormously important task. To aid vendors in clearly identifying which cardholder data they need to protect and how to protect it, a new ANS has been published by Accredited Standards Committee X9, Inc. Financial Industry Standards
(ASC X9). ANSI X9.119-1-2013
, Retail Financial Services - Requirements for Protection of Sensitive Payment Card Data - Part 1: Using Encryption Methods,
defines minimum security requirements for protection of data from the point of encryption to the point of decryption in a given system. X9.119-1-2013 does not cover methods of cardholder authentication, such as Personal Identification Number (PIN), nor physical or logical security requirements for protecting the sensitive payment card data at the point of entry prior to entering a Secure Cryptographic Device (SCD). An ANSI organizational member and accredited standards developer, ASC X9 seeks to develop, establish, maintain, and promote standards for the financial services industry. ASC X9's standards are used throughout the industry as well as by the federal government to facilitate delivery of financial services and products to users, and to promote global commerce.