Do we need to encrypt all customer information like first name, last name,address or only those data which are related with card payment.
Asked
Active
Viewed 99 times
1 Answers
0
Encrypting any Personally Identifiable Information (PII) is actually a pretty good practice if you can do it.
Pages 7 & 8 of the PCI DSS security standard tell you what needs to be encrypted. The fields in the category of cardholder data all need to be encrypted if stored/transmitted with the PAN. This includes card holder name (among other data), but does not include the card holder address.