Data encryption best practices for PCI

I get a lot of questions from clients going through PCI DSS or PA-DSS assessments about which encryption algorithms and key strengths to use. The requirements just say that strong encryption should be used, without going into details on algorithms or key strengths, so most people have no clue about what can be used and what cannot.

While the PCI DSS requirements state what to do to comply (such as review information security policy, review firewall rules, use 2-factor authentication, use strong encryption), they usually stay away from explicitly mentioning technologies, algorithms or products. These can change over time and the PCI SSC has tried to keep it as generic as possible, since there are so many ways these requirements can be complied with.

To provide some guidelines to help with implementation, VISA released a document a few months ago that lists best practices for data encryption and provides recommendations on how to encrypt data, with regard to encryption algorithms, key management and the data to encrypt.

The document tries to address the following security goals when dealing with cardholder information:

  1. Limit clear-text availability of cardholder data and sensitive authentication data to the point of encryption and the point of decryption.
  2. Use robust key management solutions consistent with international and/or regional standards.
  3. Use key-lengths and cryptographic algorithms consistent with international and/or regional standards.
  4. Protect devices used to perform cryptographic operations against physical/logical compromises.
  5. Use an alternate account or transaction identifier for business processes that require the primary account number to be utilized after authorization, such as processing of recurring payments, customer loyalty programs or fraud management.

This document references DUKPT (Derived Unique Key Per Transaction), which is explained in one of my previous posts here.

For encryption, industry-tested and accepted standards and algorithms include AES (128 bits and higher), TDES (minimum double-length keys), RSA (1024 bits and higher), ECC (160 bits and higher), and ElGamal (1024 bits and higher). For hashing, the SHA-2 family of algorithms (SHA-224, SHA-256, SHA-384 and SHA-512) is recommended, with strong salts.
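As an added illustration of goals 1 and 3 above together with the hashing recommendation, the following Go example (written for this post, not code from Visa or the PCI SSC) keeps a PAN in clear text only inside the encrypt and decrypt functions, accepts only AES keys of 128 bits or more, and stores a salted SHA-256 digest so the PAN can be matched without decrypting it. The key and the test PAN are assumed sample values; a real deployment would obtain the key from the key management system the post discusses.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
)

// ProtectedPAN is what a system stores instead of a clear-text PAN.
type ProtectedPAN struct{ Ciphertext, Nonce, Salt, Digest []byte }
// newGCM accepts only the AES key sizes the post lists (128 bits and higher).
func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 16 && len(key) != 32 {
		return nil, errors.New("AES key must be 128 or 256 bits")
	}
	block, _ := aes.NewCipher(key) // cannot fail: key size validated above
	return cipher.NewGCM(block)
}
// Protect is the point of encryption: the PAN is in clear text only here.
func Protect(pan string, key []byte) (ProtectedPAN, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return ProtectedPAN{}, err
	}
	buf := make([]byte, gcm.NonceSize()+16) // fresh nonce, then a 16-byte salt
	if _, err := rand.Read(buf); err != nil {
		return ProtectedPAN{}, err
	}
	nonce, salt := buf[:gcm.NonceSize()], buf[gcm.NonceSize():]
	digest := sha256.Sum256([]byte(string(salt) + pan)) // SHA-256(salt || PAN)
	return ProtectedPAN{gcm.Seal(nil, nonce, []byte(pan), nil), nonce, salt, digest[:]}, nil
}
// Reveal is the point of decryption; GCM rejects any modified ciphertext.
func Reveal(p ProtectedPAN, key []byte) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	plain, err := gcm.Open(nil, p.Nonce, p.Ciphertext, nil)
	return string(plain), err
}
// Matches checks a candidate PAN against the stored digest without decrypting.
func Matches(p ProtectedPAN, candidate string) bool {
	d := sha256.Sum256([]byte(string(p.Salt) + candidate))
	return subtle.ConstantTimeCompare(d[:], p.Digest) == 1
}
```

Because the salt is random per record, the same PAN stored twice yields different digests, so the digest cannot be used to correlate records across systems without the salt.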

Visa Encryption Best Practices

Update (November 20, 2011):
Visa has released a supplement to the encryption best practices document mentioned above, called the Guide to Data Field Encryption. This document provides basic information and guidance on encryption algorithms, key management and key strengths.

Another resource that might be useful is ISO/IEC JTC 1/SC 27 N9780 SD12. This document provides an analysis of the security of 2-key TDES (112 bits).

I included this in this post since I have had a lot of queries from clients on the use of 2-key TDES and its impact on PCI compliance. It looks like there are a lot of payment processors and merchants using this algorithm.