Time to Push the Reset Button?

Payment security is back in the public eye with the recent disclosure of a cardholder data breach at a leading US payment processor. While initial reaction to this latest incident has been unfortunately predictable, characterized by plenty of uninformed speculation, outrage, and a general lack of understanding of the workings of the payments industry, the story that is ultimately written about this latest incident might be one that is completely unexpected.

Payment Security Predictions for 2012 – Part One

Our team thought it would be interesting to make a few predictions for the upcoming year related to payment security. Some (unfortunately) don’t require a crystal ball, but for many others, the decrypted answer from our secure Magic 8 Ball is probably “outlook not so clear”. I’ll offer five we feel pretty confident about this week, and another five in our next post.

Securing Personal Information in the Hospitality Industry

Staying at the Venetian/Palazzo in Las Vegas last week for EMC World, I was struck by the amount of personal information they must be managing for the guests in their 7,000 suites.  Even with repeat guests, they could well average 10 individuals per week per suite, well into the millions of guests per year. And…

I’ll have the steak, please

Auditors prefer encryption over tokenization for protecting internal data at rest. To me, those findings are completely unsurprising, for the exact same reasons that I choose the same menu items over and over: we prefer the things with which we are most familiar.

Reducing PCI Scope With Tokenization

Even before the recent PCI Community meeting, one of the most frequent questions I’ve been asked is about how tokenization reduces PCI scope. Actually, it is usually a merchant asking specifically about how tokenization helps them reduce PCI scope. I will share three ways that using tokens helps a merchant deal with the costs of PCI.