Encryption requirement
mcrossley
06-26-2007, 09:38 AM
As a solution provider we are looking at changes required to Encrypt/Decrypt the PAN.
It seems we can achieve this simply using calls into the Windows API and this meets (at least on the face of it) the requirement.
We have looked at solutions from the likes of SafeNet that also require HSM devices. These tend to be more complex and for what they provide, very expensive.
Question is, to achieve compliance do we have to use these types of solutions ?
lyalc
06-26-2007, 04:05 PM
The Windows crypto API is probably sufficient for the encryption component, as long as the related requirements around key management etc. can be met, and you live in a jurisdiction where Windows permits the use of strong crypto (i.e. ~128 bit key length). Depending on the version of Windows and application components in use, the Crypto library may not be giving you US domestic-strength strong encryption.
Depending on your circumstances and application design etc, addressing the Key Management, handling and storage requirements, this work may have more, less or similar costs compared to commercial products.
Validate your design against all of section 3 to make sure it's appropriate, in order to avoid a QSA asking for some changes at some future time.
Lyal
mcrossley
06-27-2007, 12:00 AM
Thanks for the response. We are actually in the UK.
I had thought the issue was more likely to be with the keys than the method of encryption.
Requirement 3 makes significant reference to keys, storage, distribution, change etc. and I guess that can only be provided with some form of remote device, i.e. HSM.
It may seem a bit naive, but our thoughts were to simply embed a key into the application that encrypts the data field and similarly into the application which decrypts. This would be a significant improvement on the current situation.
Not sure if this is relevant, but our customer base is relatively small and no customer is higher than Level 4.
lyalc
06-28-2007, 05:13 AM
Yes, it is generally (but not always) true that HSMs can simplify the key management processes and the implementation of code to enact this.
While PCI does not mandate HSMs, I'd encourage them to achieve at least a consistent minimum of secure key processes, if this is a workable option for your environment.
lyal
Patrick
07-09-2007, 07:08 AM
Hardcoding the key isn't PCI compliant but you don't need an HSM either. You could look at trusted platform modules (TPMs) which are mounted on some motherboards but I went down the road of having a master key that would encrypt the data encrypting keys.
The master key would need to be stored in hardcopy format (with split knowledge and dual control) and server memory only i.e. if the server needed a reboot the master key would need to be reentered manually...
There are other options too; keep asking questions and you'll get to a solution in the end :)
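As an added illustration of the key hierarchy Patrick describes (a master key that lives only in server memory, re-entered from split components under dual control, and used to wrap the data-encrypting keys) and of the key-handling point Lyal raises, here is example code written for this page; it is not code from any of the posters, from SafeNet or from Microsoft. It assumes AES-256-GCM for both layers and a plain XOR of two 32-byte custodian components to form the master key; the component bytes and the PAN are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Component is one custodian's share of the master key (split knowledge):
// each custodian holds exactly one share on paper and never sees the others.
type Component [32]byte

// CombineComponents XORs the custodians' shares into the master key (KEK).
// Dual control: fewer than two shares is refused, and any single share is
// statistically independent of the resulting KEK.
func CombineComponents(parts ...Component) ([]byte, error) {
	if len(parts) < 2 {
		return nil, errors.New("dual control: at least two key components required")
	}
	kek := make([]byte, 32)
	for _, p := range parts {
		for i := range kek {
			kek[i] ^= p[i]
		}
	}
	return kek, nil
}

// Record is what is persisted per PAN: the PAN encrypted under a per-record
// data-encrypting key (DEK), plus that DEK wrapped under the KEK.
// The KEK itself is never written to disk.
type Record struct {
	DEKNonce, WrappedDEK []byte // DEK under AES-256-GCM with the KEK
	PANNonce, PANCipher  []byte // PAN under AES-256-GCM with the DEK
}

func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts plaintext under key with a fresh random nonce.
func seal(key, plaintext, aad []byte) (nonce, ct []byte, err error) {
	aead, err := gcm(key)
	if err != nil {
		return nil, nil, err
	}
	nonce = make([]byte, aead.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	return nonce, aead.Seal(nil, nonce, plaintext, aad), nil
}

// open reverses seal; GCM authentication fails if the key or data is wrong.
func open(key, nonce, ct, aad []byte) ([]byte, error) {
	aead, err := gcm(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, nonce, ct, aad)
}

// EncryptPAN generates a fresh DEK, encrypts the PAN under it, wraps the DEK
// under the in-memory KEK and lets the plaintext DEK go out of scope.
func EncryptPAN(kek []byte, pan string) (Record, error) {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return Record{}, err
	}
	var r Record
	var err error
	if r.PANNonce, r.PANCipher, err = seal(dek, []byte(pan), []byte("pan")); err != nil {
		return Record{}, err
	}
	if r.DEKNonce, r.WrappedDEK, err = seal(kek, dek, []byte("dek")); err != nil {
		return Record{}, err
	}
	return r, nil
}

// DecryptPAN unwraps the record's DEK with the KEK, then decrypts the PAN.
func DecryptPAN(kek []byte, r Record) (string, error) {
	dek, err := open(kek, r.DEKNonce, r.WrappedDEK, []byte("dek"))
	if err != nil {
		return "", fmt.Errorf("unwrap DEK: %w", err)
	}
	pan, err := open(dek, r.PANNonce, r.PANCipher, []byte("pan"))
	if err != nil {
		return "", fmt.Errorf("decrypt PAN: %w", err)
	}
	return string(pan), nil
}

func main() {
	var a, b Component // constructed shares standing in for two paper components
	rand.Read(a[:])
	rand.Read(b[:])
	kek, _ := CombineComponents(a, b)
	rec, _ := EncryptPAN(kek, "4111111111111111") // constructed sample PAN
	kek = nil                                       // "reboot": KEK gone until both custodians re-enter shares
	kek, _ = CombineComponents(a, b)
	pan, err := DecryptPAN(kek, rec)
	fmt.Println(pan, err)
	_, err = DecryptPAN(a[:], rec) // one share alone cannot unwrap the DEK
	fmt.Println("single component:", err)
}
```

The point of the two layers is that rotating the master key only means re-wrapping the small DEKs, not re-encrypting every stored PAN, and that a leaked database contains nothing usable without the KEK that only ever existed in memory after both custodians typed in their shares.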