PCI Compliant nCipher

Designed to enable the highest level of security assurance, nCipher enabled PCI Compliant solutions are used by the world's most trusted organisations. nCipher solutions provide the encryption, key protection, and key management needed to achieve PCI compliance now and in the future. They are certified and integrated with leading applications - accelerating compliance and reducing costs.

Thales nCipher cryptographic modules enable organisation to meet compliance with the Payment Card Industry (PCI) Data Security Standard throughout the payment card transaction lifecycle, delivering:

  • Scalable encryption with nCipher hardware security modules (HSMs) that protect cardholder data as it is stored and transferred
  • Required protection for the keys used for encryption, authentication, or establishing a public key infrastructure with HSMs
  • Encryption key management
  • Backup tape protection

Securing data from point of sale (POS) through processing to storage is fundamental to Payment Card Industry (PCI) compliance. Whether card data is being transferred or stored, PCI requires that it be encrypted. Protecting cardholder data along with securing and managing encryption keys is defined in PCI. Transaction participants must:

  • Protect stored cardholder data while safeguarding encryption keys and maintaining robust key management
  • Secure transmission of cardholder data with encryption

It's not just a question of when to encrypt data. Trusted encryption must also scale, maintain data access, secure encryption keys, and support auditable key management. Specifically, PCI requires that the encryption keys used to protect data be secured to prevent misuse and data breaches. Additionally, the key management processes that ensure encryption keys are not compromised or inadvertently lost must be fully documented for auditing.