Payment security is back in the public eye with the recent disclosure of a cardholder data breach at a leading US payment processor. While initial reaction to this latest incident has been unfortunately predictable, characterized by plenty of uninformed speculation, outrage, and a general lack of understanding of the workings of the payments industry, the story that is ultimately written about this latest incident might be one that is completely unexpected.
Our team thought it would be interesting to make a few predictions for the upcoming year related to payment security. Some (unfortunately) don’t require a crystal ball, but for many others, the decrypted answer from our secure Magic 8 Ball is probably “outlook not so clear”. I’ll offer five we feel pretty confident about this week, and another five in our next post.
Staying at the Venetian/Palazzo in Las Vegas last week for EMC World, I was struck by the amount of personal information they must be managing for the guests in their 7,000 suites. Even with repeat guests, they could well average 10 individuals per week per suite, well into the millions of guests per year. And [...]
Auditors prefer encryption over tokenization for protecting internal data at rest. To me, those findings are completely unsurprising, for the exact same reasons that I choose the same menu items over and over: we prefer the things with which we are most familiar.
Five years from now, I think we will look back at 2010 as the beginning of a revolution in the way merchants interact with credit card data.
Tokens are safer for merchants because tokens lack the very thing that makes credit card numbers so appealing to thieves – portability.
Even before the recent PCI Community meeting, one of the most frequent questions I’ve been asked is about how tokenization reduces PCI scope. Actually, it is usually a merchant asking specifically about how tokenization helps them reduce PCI scope. I will share three ways that using tokens helps a merchant deal with the costs of PCI.