I think if you don't have an option to store clear text , you may go for
using dbms_crypto for encrypting the column itself while loading/persisting
in your database.
On Sun, Nov 5, 2023 at 2:37 AM Lok P <loknath.73@xxxxxxxxx> wrote:
Hello All,
We are using Oracle version 19C and its Exadata for most of the databases.
Creating this thread to understand how people cater to the payment
industry security requirement (i.e. PCI standard needs) through encryption.
Which is as below,
https://www.dwt.com/blogs/financial-services-law-advisor/2022/05/payment-card-industry-data-security-standards
As I understand it highlights that TDE is not enough as that encrypts the
column at storage but we need to encrypt things while storing such that it
won't be viewable by anybody or application users. And the key management
also has to happen outside the encryption/decryption zone.
Few of the third party team members suggested using Oracle TDE with HSM to
cater to this PCI requirement. We are already using Oracle TDE(Tablespace
encryption). But hearing this(Oracle TDE with HSM) for the first time, I
want to check here if anybody has experience using this in the past and
this will really suffice the PCI standard security needs?
Regards
Lok
