Enabling cardholder data encryption
Create encrypted attributes to hold sensitive cardholder data.
In the next step, you must activate PCI DSS-compliant encryption of cardholder data to be stored in IBM® Safer Payments. To comply with PCI DSS requirement 3, do not process sensitive authentication data.
If you intend to store the Primary Account Number (PAN) in IBM Safer Payments, you must enable encryption for this data attribute in IBM Safer Payments as defined in PCI DSS requirement 3.5.1.
Attribute names can be chosen freely in IBM Safer Payments. However, in this documentation, the attribute for the Primary Account Number is named PAN.
- Log on with a user account that has at least the following privileges:
Note: Refer to the online documentation for details about user access administration.
For more information about logging on, see Starting the first cluster instance.
- Click the Model tab.
- Click the checkbox for the Champion entry.
- Click the (Copy) icon.
- Click the newly created Challenger entry.
- Select from the navigation menu.
- Click the (New input) icon to create a new attribute.
- The New Attribute form opens.
Note: To be PCI DSS-compliant, you must now enable encryption for the PAN attribute. For all other sections not relevant for PCI DSS, refer to the online documentation.
- Enter PAN in the Name field and select the checkbox in the Encrypted field. Complete the remaining fields as needed to meet your requirements.
- Click the (Save) icon to save the new attribute.
- You can now define other attributes that are required for your specific IBM Safer Payments application. To comply with PCI DSS, make sure that no sensitive authentication data is defined.
- Next, select from the navigation menu.
- Click the (Golive) icon. The decision model is now being activated and all data that is stored in the PAN attribute is encrypted.
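The following check is an added example, not part of the IBM documentation or product: it audits a list of attribute definitions against the two rules in this procedure (the PAN attribute is encrypted, no sensitive authentication data is defined) and flags unencrypted attributes whose sample value looks like a PAN. The attribute list layout, the sample record, and the name tokens are constructed assumptions, not an IBM Safer Payments export format.

```python
import re

# Heuristic name tokens for sensitive authentication data (SAD); an assumption, extend as needed.
SAD_TOKENS = {"cvv", "cvv2", "cvc", "cvc2", "cid", "cav2", "track1", "track2", "pin", "pinblock"}

def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def looks_like_pan(value):
    """13 to 19 digits (spaces and hyphens ignored) with a valid Luhn checksum."""
    digits = re.sub(r"[ -]", "", value)
    return re.fullmatch(r"[0-9]{13,19}", digits) is not None and luhn_ok(digits)

def audit(attributes, record):
    """Return (attribute name, issue) pairs for definitions that break the rules."""
    findings = []
    for attr in attributes:
        name, encrypted = attr["name"], attr["encrypted"]
        tokens = set(re.split(r"[^a-z0-9]+", name.lower()))
        if tokens & SAD_TOKENS:
            findings.append((name, "sensitive authentication data must not be defined"))
        elif name.upper() == "PAN" and not encrypted:
            findings.append((name, "PAN attribute is not encrypted"))
        elif not encrypted and looks_like_pan(str(record.get(name, ""))):
            findings.append((name, "unencrypted attribute holds a PAN-like value"))
    return findings

# Constructed sample data: attribute definitions as reviewed by hand, plus one test record.
ATTRIBUTES = [
    {"name": "PAN", "encrypted": True},
    {"name": "Amount", "encrypted": False},
    {"name": "CVV2", "encrypted": True},
    {"name": "MerchantRef", "encrypted": False},
]
RECORD = {"PAN": "4111111111111111", "Amount": "129.90",
          "CVV2": "123", "MerchantRef": "4111-1111-1111-1111"}

if __name__ == "__main__":
    for name, issue in audit(ATTRIBUTES, RECORD):
        print(f"{name}: {issue}")
```

Encrypting a sensitive authentication data attribute does not make it acceptable, which is why CVV2 is reported even though its flag is set.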