[Owasp-singapore] PCI does not require end-to-end encryption within private networks??

Wong Onn Chee ocwong at usa.net
Wed Jan 28 00:28:42 EST 2009


Hi folks,

For those who are more familiar with PCI-DSS, are the claims below
correct - that PCI-DSS does not require end-to-end encryption within
private networks?

http://www.networkworld.com/news/2009/012209-heartland-breach.html?hpg1=bn

"Billions is being spent on PCI compliance, but it isn't really
working," says Gartner analyst Avivah Litan. "PCI's dirty little secret
is that it doesn't mandate encryption inside a private network because
then all the processors would have to encrypt."

Regards
Onn Chee


