NIST Publishes New Security Standard For Encrypting Credit Card, Medical Info

NIST published a new cybersecurity standard that specifies format- preserving encryption techniques to secure credit card number and sensitive medical information.

The National Institute of Standards and Technology (NIST) has developed new encryption methods for securing financial data and other sensitive information.
The NIST publication SP 800-38G authored by Morris Dworkin specifies cryptography standards for both binary and non-binary data, preserving the look and feel of the unencrypted digits. Earlier encryption methods designed by NIST worked for binary data. But for strings of decimal numbers, there was no feasible technique to produce coded data that preserves the original format.
How do you transform a string of digits such as a credit card number so that it is indecipherable to hackers, but still has the same length and look—in other words, preserves the format—of the original number, as the software expects? Dworkin said in a NIST post.
The new standard -- Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption -- describes two encryption methods that can help cipher both binary and non-binary sequences of symbols, maintaining the same format as that of the original string. The FF1 and FF3 techniques are aimed at protecting the credit card number during the financial transaction, and can also help secure sensitive medical records.
Though the encryption methods can protect patient’s personal information, Dworkin notes that its still no foolproof security measure. “FPE can facilitate statistical research while maintaining individual privacy, but patient re-identification is sometimes possible through other means,” he said. “You might figure out who someone is if you look at their other characteristics, especially if the patient sample is small enough. So it’s still important to be careful who you entrust the data with in the first place.”
Read more on the new security standard in this
NIST post.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
NIST Publishes New Security Standard For Encrypting Credit Card, Medical Info