Thursday, August 1, 2013

Detecting card numbers

Author: Anuj Tewari

The Payment Card Industry Data Security Standard (PCI DSS for short) requires that card numbers are not transmitted insecurely and are not displayed to  most users unmasked. Naturally a network monitoring system such as an IDS or an IPS seems like a natural enforcement system to ensure that such information is not sent against the regulation over a network but a closer examination shows that a correct implementation is far from trivial. And Network Vulnerability Tests are also helpful in detecting that any sensitive information is present in the environment or not.