[Owasp-singapore] PCI does not require end-to-end encryption within private networks??
Wong Onn Chee
ocwong at usa.net
Wed Jan 28 00:28:42 EST 2009
For those who are more familiar with PCI-DSS, are the claims below
correct - that PCI-DSS does not require end-to-end encryption within
"Billions is being spent on PCI compliance, but it isn't really
working," says Gartner analyst Avivah Litan. "PCI's dirty little secret
is that it doesn't mandate encryption inside a private network because
then all the processors would have to encrypt."
More information about the Owasp-singapore