Strengthen PCI and GDPR with keystroke encryption
Merchants can protect sensitive customer information by encrypting their keystrokes
January 10, 2019
Many PCI professionals, including QSA Auditors and Forensic Examiners, are talking about how keystroke encryption can help raise the level of PCI and strengthen GDPR by protecting network credentials and customer data. PCI DSS 3.2 Requirement 5.1 offers guidance to protect systems from "zero-day" malware (an attack that exploits an unknown vulnerability) by keeping antivirus updated regularly. However, malware remains "zero-day" until it gets reported to antivirus as a result of a breach. If that zero-day malware is a keylogger, then all of the keystrokes the user input prior to discovery have already been stolen. This includes network access credentials and "Card Not Present" transactions. In addition, keyloggers are extremely difficult to discover because many have polymorphic capabilities, meaning they can change their form and continue to elude antivirus for months and sometimes years.
Merchants would benefit greatly from using EndpointLock keystroke encryption to protect all of the data they input into a PC or mobile device.
In addition to protecting the merchant and their customers, keystroke encryption also protects the credit card processor and other networks that the merchant must log into in order to perform daily functions such as downloading reports and viewing their account. If a hacker gains access to these systems, they can plant other malware and work their way further into the enterprise.