In today's ever-evolving digital landscape, the protection
of sensitive data stands as a top priority for organizations across various
industries. Safeguarding critical information, such as Primary Account Numbers
(PANs), is of utmost importance to ensure the confidentiality and integrity of
customer data. One essential aspect of data security is the implementation of
cleartext PAN removal, a defense-in-depth control mechanism designed to fortify
data protection against unauthorized access. In this comprehensive article, we
will delve into the significance of cleartext PAN removal and explore the
implementation of secondary independent control systems to prevent breaches.
Additionally, we will examine the utilization of keyed cryptographic hashing
algorithms, incorporating randomly generated secret keys, as a robust measure
to resist brute force attacks and ensure secret authentication integrity.
I.  Understanding Cleartext PAN Removal:
In the realm of data security, the term "cleartext
PAN" refers to the storage of Primary Account Numbers in an unencrypted
and easily readable format. Storing PANs in cleartext poses a significant risk,
as it leaves the data vulnerable to unauthorized access. To mitigate this risk,
organizations employ the practice of cleartext PAN removal, which involves
encrypting or hashing the PAN before storage.
When a PAN is encrypted, it is transformed into an
unreadable form using an encryption algorithm and a corresponding encryption
key. This ensures that even if an unauthorized individual gains access to the
stored data, they would not be able to decipher the PAN without the encryption
key. Encryption provides a high level of security but comes with the need to
manage encryption keys securely to prevent unauthorized access.
Alternatively, organizations can employ cryptographic
hashing algorithms to convert PANs into fixed-length hash values or digests.
Hashing algorithms, such as SHA-256 (Secure Hash Algorithm 256-bit), apply a
one-way process to the PAN, generating a unique hash value. This hash value is
mathematically derived from the PAN but cannot be reversed to retrieve the
original PAN. Therefore, even if an attacker gains access to the hashed PANs,
they would not be able to retrieve the original PAN without engaging in a computationally
expensive and time-consuming process known as brute force attack.
II. Secondary Independent Control Systems:
While cleartext PAN removal significantly enhances data security, organizations must implement secondary independent control systems to protect against potential breaches. These control systems act as an additional layer of defences, safeguarding the confidentiality of stored PANs even if the primary access control system is compromised.
Cryptographic Key Management:
One crucial aspect of secondary independent control systems
is cryptographic key management. Cryptographic keys play a vital role in
encryption, decryption, and hashing processes. By effectively managing these
keys, organizations can ensure that only authorized individuals have access to
the keys required to decrypt sensitive data or validate the integrity of hashed
Cryptographic key management involves various practices,
a) Access Controls: Strict access controls should be
enforced to limit access to cryptographic keys. Only authorized personnel
should have the necessary permissions to retrieve, use, or modify the keys.
b) Separation of Duties: Implementing separation of duties
ensures that no single individual possesses complete control over the entire
key management process. Dividing responsibilities among multiple individuals
reduces the risk of unauthorized key access or misuse.
c) Key Rotation: Regular key rotation is essential to mitigate the impact of a compromised key. By frequently changing cryptographic keys, organizations can minimize the window of opportunity for attackers to exploit a stolen or compromised key.
Cryptography and Decryption Key Governance:
In addition to cryptographic key management, governance over
cryptography and decryption keys is crucial for establishing a robust secondary
independent control system. This governance framework outlines policies,
procedures, and controls for the secure generation, distribution, usage, and
destruction of keys.
The governance framework for cryptography and decryption
keys should address the following:
a) Key Generation: Keys should be generated using strong
random number generators to ensure their unpredictability and resistance to
b) Key Distribution: Secure distribution mechanisms, such as
secure channels or hardware security modules (HSMs), should be employed to
transmit keys to authorized parties.
c) Key Usage: Proper controls should be in place to monitor
and track the usage of keys. This includes logging key access, usage, and
d) Key Destruction: When keys are no longer needed or
compromised, they should be securely destroyed to prevent unauthorized access
to sensitive data.
To Read Part 2, Click here