Enabling and configuring global data encryption settings
Enable data encryption and configure global settings.
- In the user interface, click the Administration tab.
- Select from the navigation menu.
- Click the System tab. Scroll down to the Encryption section.
- Clear the Reuse keys checkbox.
- Select the Wipe deleted files and Encrypt sensitive exports checkboxes.
Encryption covers the actual production data and certain parts of the configuration where PANs or other sensitive data are expected, for example, in conditions and audit trails. Other parts of the configuration are not encrypted. You must never store clear PANs or other sensitive data in name and comment fields in IBM® Safer Payments.
The PCI DSS standard recommends defining a maximum cryptoperiod after which a key must be replaced with a new one. For more information, see Enforcing regular key changes.
According to PCI DSS requirement 3.5.1, PANs must be rendered unreadable anywhere that they are stored. Therefore, you must enable Encrypt sensitive exports.