PCI DSS Encryption Requirements Explained
Quick Answer
PCI DSS requires encryption of cardholder data both at rest (Requirement 3) and in transit (Requirement 4). At rest, stored PANs must be rendered unreadable using strong cryptography. In transit, TLS 1.2 or higher is mandatory. PCI DSS 4.0 no longer accepts disk-level encryption as the sole protection for stored PANs.
PCI DSS Encryption Overview
Encryption is one of the most critical controls in PCI DSS. Two requirements directly address encryption: Requirement 3 (protect stored account data) and Requirement 4 (protect cardholder data with strong cryptography during transmission). Together, they ensure that even if an attacker gains access to your systems, cardholder data remains protected.
Key Takeaways
- Stored PANs must be rendered unreadable using encryption, truncation, tokenization, or hashing
- TLS 1.2 or higher is required for all cardholder data transmissions over public networks
- PCI DSS 4.0 no longer accepts disk-level or partition-level encryption for stored PANs
- Cryptographic key management must include generation, distribution, storage, rotation, and destruction procedures
- Multi-tenant environments must use per-tenant encryption keys
Encryption at Rest (Requirement 3)
Any stored Primary Account Number (PAN) must be rendered unreadable. PCI DSS accepts four methods, but the most common for modern systems is strong cryptography with associated key management.
| Method | How It Works | PCI DSS 4.0 Status |
|---|---|---|
| Strong cryptography (AES-256) | Encrypts the full PAN with a symmetric key | Accepted — recommended approach |
| Truncation | Stores only first 6 and last 4 digits | Accepted — original PAN must not be recoverable |
| Tokenization | Replaces PAN with non-sensitive token | Accepted — token vault must be PCI compliant |
| One-way hash (SHA-256+) | Irreversible hash with salt | Accepted — original PAN cannot be recovered |
| Disk-level encryption | Encrypts entire disk or partition | NO LONGER ACCEPTED as sole protection in 4.0 |
⚠️ PCI DSS 4.0 Change: Disk Encryption
PCI DSS 4.0 Requirement 3.5.1.2 explicitly states that disk-level or partition-level encryption can only be used to render PANs unreadable on removable electronic media. For all other storage, you must use database-level, column-level, or file-level encryption that is independent of native operating system access controls.
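As an added example (Go, not code from the original article), here is what three of the table's non-encryption methods look like in practice: truncation to the first 6 and last 4 digits, a one-way SHA-256 hash whose salt is kept secret and applied through HMAC (the PAN space is small enough to enumerate, so a public salt alone would let anyone holding the digests match them against candidate PANs), and a minimal token vault of the kind the tokenization row describes. The sample PAN is the well-known 4111111111111111 test number; the `tok_` token format, the secret value and the in-memory vault are this example's own choices.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
	"sync"
)

// Constructed sample: a well-known test card number, not a real cardholder's PAN.
const samplePAN = "4111111111111111"

// truncatePAN keeps only the first 6 and last 4 digits. The middle digits are
// discarded, not masked, so nothing stored can be turned back into the PAN.
func truncatePAN(pan string) (string, error) {
	if len(pan) < 10 || len(pan) > 19 {
		return "", errors.New("PAN length out of range")
	}
	return pan[:6] + strings.Repeat("*", len(pan)-10) + pan[len(pan)-4:], nil
}

// hashPAN is an irreversible SHA-256 digest whose salt is a secret mixed in
// via HMAC: the PAN space is small enough to enumerate, so a public salt alone
// would let anyone holding the digests match them against candidate PANs.
func hashPAN(secret []byte, pan string) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(pan))
	return hex.EncodeToString(mac.Sum(nil))
}

// TokenVault maps random tokens to PANs. A token has no mathematical relation
// to its PAN; it can only be reversed by asking the vault. The vault is itself
// in PCI scope, and a real one would hold the PAN column encrypted under
// Requirement 3; an in-memory map is used here only to show the lookup.
type TokenVault struct {
	mu      sync.Mutex
	secret  []byte
	byToken map[string]string // token -> PAN
	byHash  map[string]string // keyed PAN hash -> token, so one PAN gets one token
}

func NewTokenVault(secret []byte) *TokenVault {
	return &TokenVault{secret: secret, byToken: map[string]string{}, byHash: map[string]string{}}
}

// Tokenize returns the existing token for a PAN, or mints a random one.
func (v *TokenVault) Tokenize(pan string) (string, error) {
	v.mu.Lock()
	defer v.mu.Unlock()
	h := hashPAN(v.secret, pan)
	if tok, ok := v.byHash[h]; ok {
		return tok, nil
	}
	buf := make([]byte, 16)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	tok := "tok_" + hex.EncodeToString(buf) // token format is this example's choice
	v.byToken[tok] = pan
	v.byHash[h] = tok
	return tok, nil
}

// Detokenize is the only way back from a token to the PAN.
func (v *TokenVault) Detokenize(tok string) (string, error) {
	v.mu.Lock()
	defer v.mu.Unlock()
	pan, ok := v.byToken[tok]
	if !ok {
		return "", errors.New("unknown token")
	}
	return pan, nil
}

func main() {
	tr, _ := truncatePAN(samplePAN)
	v := NewTokenVault([]byte("constructed-secret-salt")) // a real secret lives in the KMS/HSM
	tok, _ := v.Tokenize(samplePAN)
	fmt.Println(tr, hashPAN(v.secret, samplePAN)[:16]+"...", tok)
}
```

The hash is what lets a vault recognise a PAN it has already seen without storing the PAN in a searchable form; the same keyed construction is what you would use for a "have we seen this card before" index.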
Encryption in Transit (Requirement 4)
Cardholder data must be encrypted with strong cryptography whenever it traverses open, public networks. This includes the internet, wireless networks, cellular networks, and satellite links.
- TLS 1.2 or higher is required — TLS 1.0 and 1.1 are explicitly prohibited
- Strong cipher suites must be used (AES-GCM preferred, no RC4, no DES/3DES)
- SSL certificates must be valid, trusted, and not expired
- Internal network transmissions containing card data should also use encryption
- Wireless transmissions must use WPA2 or WPA3 with AES encryption
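As an added example (Go, not code from the original article), here is a server-side `tls.Config` that enforces the list above, together with a check for negotiated (version, cipher suite) pairs as a scanner or `tls.ConnectionState` would report them. Requiring ECDHE key exchange for forward secrecy is this example's own extra preference, not a PCI DSS rule; TLS 1.3 suites need no filtering because the library fixes them and all of them are AEAD. The observed handshakes in `main` are constructed.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

var versionNames = map[uint16]string{
	tls.VersionTLS10: "TLS 1.0", tls.VersionTLS11: "TLS 1.1",
	tls.VersionTLS12: "TLS 1.2", tls.VersionTLS13: "TLS 1.3",
}

func versionName(v uint16) string {
	if n, ok := versionNames[v]; ok {
		return n
	}
	return fmt.Sprintf("version 0x%04x", v)
}

// strongSuite reports whether a TLS 1.2 suite meets the bar used here: not on
// Go's insecure list (RC4, 3DES, the CBC-SHA256 variants), AES-GCM, and ECDHE
// key exchange for forward secrecy (an added preference, not a PCI rule).
func strongSuite(id uint16) bool {
	for _, s := range tls.InsecureCipherSuites() {
		if s.ID == id {
			return false
		}
	}
	name := tls.CipherSuiteName(id)
	return strings.Contains(name, "ECDHE") && strings.Contains(name, "AES") && strings.Contains(name, "GCM")
}

// pciCipherSuites selects the TLS 1.2 suites a server should enable.
func pciCipherSuites() []uint16 {
	var ids []uint16
	for _, s := range tls.CipherSuites() {
		for _, v := range s.SupportedVersions {
			if v == tls.VersionTLS12 && strongSuite(s.ID) {
				ids = append(ids, s.ID)
				break
			}
		}
	}
	return ids
}

// pciTLSConfig is the server baseline: TLS 1.2 minimum, so 1.0 and 1.1 are
// refused at the handshake, and only the vetted TLS 1.2 suites.
func pciTLSConfig() *tls.Config {
	return &tls.Config{
		MinVersion:       tls.VersionTLS12,
		CipherSuites:     pciCipherSuites(),
		CurvePreferences: []tls.CurveID{tls.X25519, tls.CurveP256},
	}
}

// evaluateHandshake judges a negotiated (version, suite) pair against the
// Requirement 4 rules and explains the verdict.
func evaluateHandshake(version, suite uint16) (bool, string) {
	switch {
	case version < tls.VersionTLS12:
		return false, versionName(version) + " is prohibited; TLS 1.2 or higher is required"
	case version == tls.VersionTLS13:
		return true, "TLS 1.3 with " + tls.CipherSuiteName(suite)
	case !strongSuite(suite):
		return false, "weak or non-AEAD suite: " + tls.CipherSuiteName(suite)
	}
	return true, "TLS 1.2 with " + tls.CipherSuiteName(suite)
}

func main() {
	// Constructed handshakes, as a scanner might report them.
	observed := []struct{ version, suite uint16 }{
		{tls.VersionTLS10, tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
		{tls.VersionTLS12, tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA},
		{tls.VersionTLS12, tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384},
		{tls.VersionTLS13, tls.TLS_AES_256_GCM_SHA384},
	}
	for _, o := range observed {
		ok, why := evaluateHandshake(o.version, o.suite)
		fmt.Printf("%-5v %s\n", ok, why)
	}
	fmt.Println("server enables", len(pciTLSConfig().CipherSuites), "TLS 1.2 suites")
}
```

Pass the config to `tls.Listen` or `http.Server.TLSConfig`; the `evaluateHandshake` check is useful for reviewing scanner output or for logging the negotiated parameters of inbound connections so that a weak client shows up in monitoring rather than silently succeeding.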
Cryptographic Key Management
Encryption is only as strong as its key management. PCI DSS Requirements 3.6 and 3.7 mandate formal key management procedures covering the entire key lifecycle.
Key Management Lifecycle
Key Generation
Generate keys using FIPS 140-2 validated or equivalent cryptographic modules. Use appropriate key lengths (AES-256, RSA-2048+ or equivalent).
Key Distribution
Distribute keys through secure channels. Never transmit keys in cleartext. Use key-wrapping, hardware security modules (HSMs), or secure key exchange protocols.
Key Storage
Store encryption keys separately from encrypted data. Use HSMs, key management services (AWS KMS, Azure Key Vault), or split-knowledge/dual-control procedures.
Key Rotation
Rotate encryption keys at the end of their defined cryptoperiod. PCI DSS requires documented rotation schedules based on industry best practices and targeted risk analysis.
Key Retirement & Destruction
Retire keys that are no longer needed. Destroyed keys must be irrecoverable. Document the destruction process.
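As an added example (Go standard library, not code from the original article), the "strong cryptography with associated key management" row of the at-rest table combined with the lifecycle steps just listed: keys are generated from the OS CSPRNG; a key-encrypting key (KEK, in practice held in an HSM or KMS) wraps a per-record data-encrypting key (DEK), so the key that unlocks the data is stored separately from the data; rotation re-wraps the DEK under a new KEK without re-encrypting the stored ciphertext; and key material is zeroed once it is no longer needed. AES-256-GCM is used here for key wrapping in place of AES-KW because Go's standard library has no AES-KW; the `pci:dek`/`pci:pan` AAD labels, the record layout and the test PAN are this example's own choices.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// newKey draws a fresh 256-bit AES key from the OS CSPRNG (key generation).
func newKey() ([]byte, error) {
	k := make([]byte, 32)
	_, err := rand.Read(k)
	return k, err
}
func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts with AES-256-GCM; the random 96-bit nonce is prefixed to the output.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// open reverses seal; a wrong key, altered bytes or mismatched AAD fail authentication.
func open(key, sealed, aad []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], aad)
}

// EncryptedRecord is what the database row holds: the PAN under a per-record
// data-encrypting key (DEK), plus that DEK wrapped under a key-encrypting key
// (KEK) that is kept in an HSM/KMS, i.e. separately from the encrypted data.
type EncryptedRecord struct{ WrappedDEK, Ciphertext []byte }

// AAD labels bind each ciphertext to its role, so a wrapped DEK cannot be fed back as a PAN or vice versa.
var aadDEK, aadPAN = []byte("pci:dek"), []byte("pci:pan")

func encryptPAN(kek []byte, pan string) (EncryptedRecord, error) {
	dek, err := newKey()
	if err != nil {
		return EncryptedRecord{}, err
	}
	defer zero(dek) // the plaintext DEK exists only for the duration of this call
	ct, err := seal(dek, []byte(pan), aadPAN)
	if err != nil {
		return EncryptedRecord{}, err
	}
	wrapped, err := seal(kek, dek, aadDEK)
	return EncryptedRecord{WrappedDEK: wrapped, Ciphertext: ct}, err
}

func decryptPAN(kek []byte, rec EncryptedRecord) (string, error) {
	dek, err := open(kek, rec.WrappedDEK, aadDEK)
	if err != nil {
		return "", err
	}
	defer zero(dek)
	pt, err := open(dek, rec.Ciphertext, aadPAN)
	return string(pt), err
}

// rotateKEK re-wraps the DEK under a new KEK at the end of the old KEK's
// cryptoperiod; the stored PAN ciphertext is never touched.
func rotateKEK(oldKEK, newKEK []byte, rec EncryptedRecord) (EncryptedRecord, error) {
	dek, err := open(oldKEK, rec.WrappedDEK, aadDEK)
	if err != nil {
		return EncryptedRecord{}, err
	}
	defer zero(dek)
	wrapped, err := seal(newKEK, dek, aadDEK)
	return EncryptedRecord{WrappedDEK: wrapped, Ciphertext: rec.Ciphertext}, err
}

// zero overwrites key material in place (retirement; best effort in a garbage-collected language).
func zero(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

func main() {
	kek, _ := newKey()
	rec, _ := encryptPAN(kek, "4111111111111111") // constructed test PAN, not a real card
	fmt.Println(decryptPAN(kek, rec))
}
```

With this layout, rotating the KEK is a pass over the small wrapped-DEK column rather than over every row of cardholder data, which is what makes a documented annual cryptoperiod operationally realistic; the per-record DEK also limits the blast radius of any single key exposure to one record.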
Recommended Encryption Standards
| Use Case | Algorithm | Minimum Key Length | Notes |
|---|---|---|---|
| Data at rest | AES | 256-bit | GCM mode preferred for authenticated encryption |
| Data in transit | TLS 1.2+ | N/A | Use AES-GCM cipher suites, disable weak ciphers |
| Key wrapping | AES-KW or RSA-OAEP | 256-bit / 2048-bit | Used to protect encryption keys during distribution |
| Hashing (PAN) | SHA-256 or higher | N/A | Must use cryptographic salt; MD5 and SHA-1 are prohibited |
| Digital signatures | RSA or ECDSA | 2048-bit / 256-bit | For code signing and certificate validation |
✅ Use managed key services
Cloud key management services like AWS KMS, Azure Key Vault, and GCP Cloud KMS simplify PCI DSS key management by handling key generation, storage, rotation, and access control in FIPS 140-2 validated hardware. They also provide audit logging that satisfies Requirement 10.
Can I use AES-128 for PCI DSS?
AES-128 is technically acceptable under PCI DSS, but AES-256 is recommended as a best practice. The computational overhead difference is minimal, and AES-256 provides a larger security margin against future cryptographic advances.
Do I need to encrypt cardholder data on internal networks?
PCI DSS 4.0 does not strictly require encryption on internal networks, but strongly recommends it. Requirement 4 applies to transmissions over 'open, public networks,' but many QSAs recommend encrypting internal traffic as well, especially given the prevalence of lateral movement attacks.
What is the difference between encryption and tokenization?
Encryption transforms card data using a key (it can be reversed with the key). Tokenization replaces card data with a random token that has no mathematical relationship to the original data (it can only be reversed by looking up the token in a vault). For PCI scope, both are acceptable, but tokenization can reduce scope more effectively.
How often must encryption keys be rotated?
PCI DSS 4.0 requires key rotation based on a documented cryptoperiod determined through targeted risk analysis. Industry best practices recommend annual rotation for data encryption keys. Keys used to protect other keys (key-encrypting keys) can have longer cryptoperiods.