Requirement 3.4 in the Payment Card Industry Data Security Standard mandates that financial service and retail companies "render Primary Account Number (PAN), at minimum, unreadable anywhere it is stored." While the PCI standard provides a number of ways to do this, most large companies equate the term "unreadable" with encryption.
So here is the rub. PAN data is stored in a bunch of places but everyone stores it in databases. I'm talking about massive databases here--think hundreds of gigabytes to terabytes of data in many cases. Now when your database gets this big, you …