maravis.com

One of the more common questions that I get from clients is whether other cardholder data elements such as name, expiry date, etc. need to be encrypted when stored in conjunction with the PAN (Primary Account Number) to be PCI compliant. As with most PCI DSS requirements many people, including QSAs, insist that anything that is stored in conjunction with the PAN need to be encrypted or otherwise rendered unreadable.

As a PA-QSA working for a QSA company, I take calls from people wanting to get PA-DSS validation for their application(s). June 30, 2010 is the deadline for all merchants and service providers to start using PA-DSS validated applications.

There was a news article on the BBC website today about a man arrested for stealing 130 million credit card numbers. He along with a couple of Russian co-conspirators (unnamed), broke into several organizations such as 7Eleven, Hannaford Brothers, Heartland Payment Systems, to name a few and stole credit card numbers with the intent of selling them on.