ASC/X9 - ANSI X9.119-1
Retail Financial Services - Requirements for Protection of Sensitive Payment Card Data - Part 1: Using Encryption Methods
|Publication Date:||27 May 2016|
This part of X9.119 defines minimum security requirements when employing encryption methods to protect sensitive payment card data. For the purpose of this standard "protection" refers to maintaining the secrecy of the data from unauthorized disclosure. It applies to protection of the data from the point of encryption to the point of decryption, wherever those points may be in a given system.
Additional parts may be created to address alternative methods for protecting sensitive payment card data.
The following are outside the scope of the standard:
- Methods of cardholder authentication, such as Personal Identification Number (PIN)
- Physical or logical security requirements for protecting the sensitive payment card data at the point of entry prior to entering a Secure Cryptographic Device (SCD).