We have come across a number of scenarios recently where there seems to be a bit of confusion between masking and truncation and when to use which one. The following update from the Axenic PCI department should help clear things up.
“How does driving a 1,300km journey during the COVID-19 lockdown relate to PCI compliance?” I hear you say…
As those of you who know me, or have seen me present, will know, I love a good metaphor.
Over Easter weekend I had the somewhat surreal experience of driving the 1,300km journey from home to Auckland International Airport and back again during New Zealand’s level 4 COVID-19 lockdown. On the trip home I was reflecting and couldn’t help thinking about the similarities between the lockdown, making this a safe, compliant trip, and PCI DSS compliance.
Verizon has published its 2014 PCI Compliance Report, which can be downloaded from here. Like their Data Breach Investigation Report (DBIR), it is an excellent piece of research and provides insight into the challenges associated with complying with the Payment Card Industry’s Data Security Standard (PCI DSS) v2.0.
On 30 March, Global Payments Inc. announced that it had suffered a data breach that had led to the Track 2 (i.e., the primary account number, expiration date, service code, PIN and CVV number) data of approximately 1.5 million credit cards being “exported” from its North American payment processing system.