What is the cardholder data environment (CDE)?

Payments
Payments

针对不同规模业务打造的支付解决方案,满足从初创公司到跨国企业的多维度需求,助力全球范围内线上线下付款。

了解更多 
  1. 导言
  2. What role does the CDE play in the payment card industry?
  3. Components, requirements, and data types within the CDE
    1. Components
    2. Requirements
    3. Data types
  4. PCI DSS requirements for a CDE
  5. How to create and maintain a secure CDE
  6. How to handle a CDE breach

The cardholder data environment (CDE) refers to the mechanisms that process, transmit, or store cardholder information within a business. Specifically, this includes any system components directly involved in the handling of cardholder data, which can consist of software, hardware, and any other procedures or policies that affect the security of credit card transactions and data.

Below, we’ll cover what you should know about the CDE: what role it plays in payments, how it works, and how businesses can cultivate a strong, secure, and reliable payment environment.

What’s in this article?

  • What role does the CDE play in the payment card industry?
  • Components, requirements, and data types within the CDE
  • PCI DSS requirements for a CDE
  • How to create and maintain a secure CDE
  • How to handle a CDE breach

What role does the CDE play in the payment card industry?

The CDE is the infrastructure in which payment card details are processed, stored, or transmitted within a business. This environment includes all the technical and operational systems that handle payment card data. Here’s an overview of some of the important functions the CDE provides within the broader payment ecosystem:

  • Protection of cardholder data: Businesses use the CDE to shield customers’ payment information from unauthorized access and data breaches. In 2021, there were more than 4,100 of these breaches, according to a report from Flashpoint and Risk Based Security. Having a dedicated environment lets businesses focus security measures where they are needed most.

  • Compliance with standards: Entities that handle cardholder data must adhere to the Payment Card Industry Data Security Standard (PCI DSS), and the CDE is where they direct compliance efforts to meet these standards.

  • Risk mitigation: The CDE empowers businesses to pinpoint and decrease risks to payment card data. Given the potential repercussions of a data breach, protecting this data is important. For example, in 2013, a major credit card breach at Target resulted in over $290 million in cumulative expenses and a decline in stock prices.

  • Customer confidence: A secure CDE can build customer confidence by showing customers their payment information is safe.

  • Maintaining transaction integrity: The CDE ensures transactions are conducted securely and accurately, maintaining the integrity of the payment process.

  • Avoiding legal and financial consequences: Data breaches can lead to legal action and significant financial losses. Businesses use the CDE to protect themselves against such outcomes.

A business that handles payment card data without an effective CDE strategy risks its financial health and reputation. Below, we’ll cover how to develop a thoughtful plan to minimize risks and maximize benefits.

Components, requirements, and data types within the CDE

Within a CDE, several components interact to manage sensitive payment card information. Here’s a look at these components, the requirements for safeguarding them, and the types of data they handle:

Components

  • Computing hardware: This includes servers and workstations that run payment processing software. It also covers network components such as routers, switches, and firewalls that direct and protect data as it moves across networks.
  • Payment terminals: These are physical devices at points of sale where customers’ payment cards are swiped, inserted, or tapped.
  • Storage systems: This refers to areas where payment card data is kept, whether as digital files, databases, or backups. This category includes removable media such as USB drives or backup tapes.
  • Applications: This is software that processes payments, including point-of-sale systems and online payment gateways.
  • Access controls: These are systems designed to authenticate the identity of users accessing the CDE—through physical access to secure areas and digital access to data systems.

Requirements

  • Data encryption: Payment card data must be encrypted using strong cryptographic standards, especially when transmitted over open or public networks.
  • Access management: Only authorized individuals should have access to the CDE, and their activities should be logged and monitored.
  • Physical security: Physical access to the CDE must be controlled and monitored, with entry points secured against unauthorized access.
  • Regular testing: Regular scans and penetration tests are necessary to identify and fix vulnerabilities.
  • Data retention and disposal policies: Businesses must have clear policies in place governing how long cardholder data is retained and procedures for securely disposing of cardholder data when it’s no longer needed.
  • Vendor management: If third parties have access to the CDE, they must also adhere to these security requirements.

Data types

  • Cardholder information: This includes the cardholder’s name, card number, expiration date, and service code—information that’s often found on the front of a payment card.
  • Sensitive authentication data: This applies to elements such as the card’s security code (the card verification value [CVV] or CVV2), personal identification numbers (PINs), and magnetic stripe or chip data, which are used to authenticate cardholders and authorize transactions.

The CDE should be a high-priority concern for any business that deals with customer payments, regardless of industry, payment volume, or other risk factors. Businesses that understand their CDE’s components and adhere to security requirements can effectively protect cardholder information against breaches and misuse.

PCI DSS requirements for a CDE

The PCI DSS provides guideposts for securing payment card data within the CDE. These comprehensive and detailed standards are designed to protect cardholder data from the moment a card is used to the end of the transaction process and beyond. Here’s a detailed breakdown of the key requirements:

  • Install and maintain firewall configuration: Firewalls act as gatekeepers to the CDE. They must be properly set up and managed to control incoming and outgoing network traffic based on an applied rule set, guaranteeing unauthorized access is blocked.

  • Change vendor-supplied defaults for system passwords and security parameters: Systems often come with default passwords and settings, which can be easily exploited. Businesses must change these default settings to unique, complex passwords and configurations before the systems are linked.

  • Protect stored cardholder data: If a business stores cardholder data, it must be encrypted using accepted methods. Access to this data must be on a need-to-know basis, with strict data retention policies dictating how long data is kept and clear procedures for its deletion.

  • Encrypt transmission of cardholder data across public networks: Because data can be intercepted during transmission, it must be encrypted using strong encryption methods whenever it is sent over networks that are easily accessible, such as the internet.

  • Use and regularly update antivirus software: Antivirus software helps protect systems from malicious programs. It must be used on all systems that are commonly targeted by malware, and regular updates are key.

  • Develop and maintain secure systems and applications: Businesses must protect all system components from vulnerabilities by installing security patches. When businesses develop applications, security should be a primary consideration.

  • Provide access to cardholder data on a strictly need-to-know basis: Businesses should enforce the principle of least privilege, in which individuals are given access only to the data, resources, and functions necessary to perform their jobs.

  • Assign a unique ID to each person with computer access: This allows actions on key data and systems to be traced to individuals, which helps maintain accountability.

  • Restrict physical access to cardholder data: Physical protections must prevent unauthorized individuals from accessing systems and data storage. This includes locks, access controls, and monitoring mechanisms.

  • Track and monitor all access to network resources and cardholder data: Logging mechanisms and the ability to track user activities are important in detecting, preventing, and responding to breaches.

  • Regularly test security systems and processes: Security systems and processes must be stress tested regularly to ensure they are properly configured and effective in protecting cardholder data.

  • Maintain a policy that addresses information security: Businesses must establish and maintain a formal policy that addresses technology, awareness programs, and information security with a clear management structure—and then communicate this policy to all employees and contractors.

Adhering to these requirements helps create a secure environment for handling cardholder data, which protects the businesses and its customers from data breaches while maintaining trust and integrity. By maintaining compliance with PCI DSS, businesses demonstrate their commitment to security and uphold the broader goal of creating a secure payment environment.

How to create and maintain a secure CDE

What does building and maintaining a strong CDE look like? Here’s a rundown of the process:

  • Define the CDE scope: Identify all systems, people, and processes that store, process, or transmit cardholder data. Map the data flows to confirm no part of the environment is overlooked.

  • Segment the network: Isolate the CDE from other network resources to limit access. This reduces the number of systems that can interact with the CDE, thereby minimizing the potential attack vectors.

  • Protect data with encryption: Use strong encryption for storing and transmitting cardholder data. Encryption acts like a lock, making the data unreadable to unauthorized parties without the correct key.

  • Control access: Ensure only authorized personnel have access to the CDE. This is done through proper identity verification, using unique IDs and strong authentication methods.

  • Physical security: Secure the physical locations of the CDE—such as locked rooms, surveillance cameras, and access control systems—against unauthorized entry.

  • Maintain security systems: Make sure security applications such as firewalls, antivirus software, and intrusion detection systems are up to date to protect against new threats.

  • Develop and enforce security policies: Write clear policies that define security expectations, and train staff accordingly. Include procedures for daily operations that include detailed instructions on how to respond to security incidents and how to perform regular audits.

  • Monitor and log all activities: Implement logging mechanisms to record who accessed the CDE, what they did, and when they did it. Regularly review logs for suspicious activity.

  • Test security measures: Regularly conduct tests such as vulnerability scans and penetration testing to find and fix security weaknesses.

  • Respond to breaches: Create an incident response plan that outlines how to respond to a security breach. This should include containment strategies, communication plans, and steps to prevent additional incidents.

  • Regular review and improvement: Security is an ongoing process. To adapt to new threats, regularly review and update security controls, policies, and procedures.

  • Vendor due diligence: If third parties have access to the CDE, vet them thoroughly and make sure they comply with security requirements.

A secure CDE requires continuous oversight, regular updates to defenses, and a culture of security awareness throughout the business.

How to handle a CDE breach

Even with the most careful planning and maintenance, it’s almost inevitable that breaches will occur. The nature of fraud is changing constantly, and even the best CDE approaches will have vulnerabilities. No CDE strategy is complete without a robust plan for handling breaches when they occur.

  • Immediate response and containment: Detect the data breach, and contain it immediately. This means isolating affected systems to prevent further data loss. For example, if the breach is on a specific server, that server should be disconnected from the network.

  • Assess and analyze the breach: Conduct a thorough investigation to determine the scope of the breach. This includes identifying which data was accessed, how the breach occurred, and the duration of the exposure. Forensic tools and techniques can help in this analysis.

  • Notify relevant parties: Transparency is key in managing a CDE breach. The business must notify all affected customers and inform them of the nature of the breach, what information was compromised, and what steps the business is taking to correct it. Additionally, legal requirements may dictate that a business notifies regulatory bodies about the breach.

  • Engage legal and compliance experts: Legal counsel should assess the implications of the breach and execute compliance with all relevant laws and regulations. Working with experts is particularly important because data breach laws vary by region and industry.

  • Enhance security measures: Based on the findings from the investigation, the business should implement improved security measures to prevent breaches. This could include updating software, strengthening firewalls, and enhancing encryption methods.

  • Employee training and awareness: Often, breaches occur because of human error. It’s important to educate employees about data security best practices and the importance of protecting customer information.

  • Public relations management: The business should communicate openly about the steps it’s taking to address the breach and prevent additional incidents.

  • Ongoing monitoring: After addressing the immediate effects of the breach, businesses must continuously monitor systems to immediately detect any unusual activity.

  • Review and update incident response plan: Post-breach, businesses must review their incident response plan and update it based on lessons learned. This improves preparedness in case of additional incidents.

  • Customer support and assistance: Businesses must provide support to affected customers, which may include offering credit monitoring services or a hotline for inquiries.

Throughout this process, businesses should focus on precision and accountability, taking proactive measures to rebuild trust and ensure the security of customer data.

本文中的内容仅供一般信息和教育目的,不应被解释为法律或税务建议。Stripe 不保证或担保文章中信息的准确性、完整性、充分性或时效性。您应该寻求在您的司法管辖区获得执业许可的合格律师或会计师的建议,以就您的特定情况提供建议。

准备好开始了?

无需签署合同或填写银行信息,创建账户即可开始收款。您也可以联系我们,为您的业务设计定制套餐。
Payments

Payments

借助为各种企业打造的支付解决方案,实现全球范围线上线下收款。

Payments 文档

查找 Stripe 的付款 API 集成指南。