In mid-November, the PCI Security Standards Council released its Risk Assessment Guidelines as a supplement to the PCI Data Security Standard (PCI-DSS). Expanding on the requirements outlined in section 12.1.2 of the PCI-DSS, the new document provides further guidance on the techniques and methods organizations should consider when addressing this requirement of the standard. Checking the box on “Do you have a risk management program?” will not be as simple as before.
People tend to associate tokenization with payment card data, debit and credit card numbers. And while this has been the main use case for the technology, this is not the only use case.
Proving that physical and virtual infrastructure of the cloud can be trusted can be prohibitively difficult, especially when it comes to cloud services from external service providers. Verifying secure conditions in the foundations of the cloud is important for a simple reason: If organizations can’t trust the safety of their computing infrastructure, the security of all the information, applications and services running on top of that falls into doubt.
Payment security is back in the public eye with the recent disclosure of a cardholder data breach at a leading US payment processor. While initial reaction to this latest incident has been unfortunately predictable, characterized by plenty of uninformed speculation, outrage, and a general lack of understanding of the workings of the payments industry, the story that is ultimately written about this latest incident might be one that is completely unexpected.
In our last post, we made some pretty safe predictions about how the payment security landscape will evolve this year. Now let’s make a few more daring predictions about what might happen in the coming months:
Our team thought it would be interesting to make a few predictions for the upcoming year related to payment security. Some (unfortunately) don’t require a crystal ball, but for many others, the decrypted answer from our secure Magic 8 Ball is probably “outlook not so clear”. I’ll offer five we feel pretty confident about this week, and another five in our next post.
In the past several weeks, I have read two recent data breach accounts that suggest that many retailers may need their own visits from the ghosts of the past to realize that they need to change their ways.
Host Michelle Adams-Dixon talks with Liz Robinson, Senior Product Marketing Manager for RSA about tokenization – an up and coming alternative to more traditional means of data protection. Podcast: Play in new window | Download