Last month, the National Institute of Standards and Technology published a standard addressing the need for changes in encryption. The change would move encryption away from the binary data usually used and towards a "block cipher mode" instead. This is part of a move to Format-Preserving Encryption, which consists of two separate techniques so far. According to this document, this encryption method would also mesh well with older applications.
This is necessary because "previously approved" methods cannot meet the need for sufficient encryption. In a blog post on this new standard, NIST standard author Morris Dworkin said that the FPE number would be compatible with legacy devices due to its structure.
"FPE can facilitate statistical research while maintaining individual privacy, but patient re-identification is sometimes possible through other means," Dworkin said. "You might figure out who someone is if you look at their other characteristics, especially if the patient sample is small enough. So it's still important to be careful who you entrust the data with in the first place."
He also said that a credit card number with FPE enabled doesn't look different from a standard version. Because of this, it could be easier to recognize than other encrypted information and pose less confusion to user software.
The new option comes with support from Hewlett Packard Enterprise, which collaborated with the NIST and is trying to promote the new FPE elements on multiple fronts, including mobile devices. This could signal the widespread importance of this standard and the new forms of safer credit card protection it represents.
Updating card processing software helps merchants embrace the latest security methods for the sake of their customers, as well as their own liability. Contact 911 Software for more information.