IT and security professionals have always focused on protecting their infrastructure from cyberattacks. Yet, it does not matter how many wins an organization can claim in the cyberwar; it only takes one high-profile loss to call an organization's entire security practice into question, which has proven to be the case with brands like Home Depot and Target.
While all organizations that handle payment card data must adhere to Payment Card Industry Data Security Standards (PCI DSS), this set of standards is merely a baseline, not a panacea against fraudsters. This is why the security industry is so focused on removing the incentive for hackers. If they are unable to obtain any useful data during these breaches, then the damage to the affected organizations, their consumers, and the payments industry as a whole is minimized. Tokenization and encryption are therefore key elements in the set of cryptographic methods that are gaining popularity.
The most recent concept is point-of-capture issuer tokenization. In March 2014, EMVCo introduced specifications that issuers could use in order to provide a token or "digital account" in lieu of the primary account number (PAN). Payment networks provide a specific token each time a payment token is requested on behalf of the issuers, not only for the PAN, but also the platform for which it was requested in a process called identification and verification (ID&V). This locks tokenized payment data into each specific use case. Apple's recently announced Apple Pay, a contactless payment system leveraging NFC technology in the iPhone 6, is the first instance of an organization utilizing issuer tokenization.
“Devaluing sensitive data is the best offense in the cyberwar, so merchants should ensure that all sensitive consumer data is either encrypted or tokenized at the point of capture to avoid any possible data exposure in the event of a breach," says Nathalie Reinelt, analyst in Retail Banking at Aite Group.
aitegroup.com.
While all organizations that handle payment card data must adhere to Payment Card Industry Data Security Standards (PCI DSS), this set of standards is merely a baseline, not a panacea against fraudsters. This is why the security industry is so focused on removing the incentive for hackers. If they are unable to obtain any useful data during these breaches, then the damage to the affected organizations, their consumers, and the payments industry as a whole is minimized. Tokenization and encryption are therefore key elements in the set of cryptographic methods that are gaining popularity.
The most recent concept is point-of-capture issuer tokenization. In March 2014, EMVCo introduced specifications that issuers could use in order to provide a token or "digital account" in lieu of the primary account number (PAN). Payment networks provide a specific token each time a payment token is requested on behalf of the issuers, not only for the PAN, but also the platform for which it was requested in a process called identification and verification (ID&V). This locks tokenized payment data into each specific use case. Apple's recently announced Apple Pay, a contactless payment system leveraging NFC technology in the iPhone 6, is the first instance of an organization utilizing issuer tokenization.
“Devaluing sensitive data is the best offense in the cyberwar, so merchants should ensure that all sensitive consumer data is either encrypted or tokenized at the point of capture to avoid any possible data exposure in the event of a breach," says Nathalie Reinelt, analyst in Retail Banking at Aite Group.
aitegroup.com.
Les médias du groupe Finyear
Chaque jour (5j/7) lisez gratuitement :
Le quotidien Finyear :
- Finyear Quotidien
La newsletter quotidienne :
- Finyear Newsletter
Recevez chaque matin par mail la newsletter Finyear, une sélection quotidienne des meilleures infos et expertises de la finance d’entreprise et de la finance d'affaires.
Chaque mois lisez gratuitement :
Le magazine digital :
- Finyear Magazine
Les 6 lettres digitales :
- Le Directeur Financier
- Le Trésorier
- Le Credit Manager
- Le Capital Investisseur
- GRC Manager
- Le Contrôleur de Gestion (PROJET 2014)
Un seul formulaire d'abonnement pour recevoir un avis de publication pour une ou plusieurs lettres
Le quotidien Finyear :
- Finyear Quotidien
La newsletter quotidienne :
- Finyear Newsletter
Recevez chaque matin par mail la newsletter Finyear, une sélection quotidienne des meilleures infos et expertises de la finance d’entreprise et de la finance d'affaires.
Chaque mois lisez gratuitement :
Le magazine digital :
- Finyear Magazine
Les 6 lettres digitales :
- Le Directeur Financier
- Le Trésorier
- Le Credit Manager
- Le Capital Investisseur
- GRC Manager
- Le Contrôleur de Gestion (PROJET 2014)
Un seul formulaire d'abonnement pour recevoir un avis de publication pour une ou plusieurs lettres
Autres articles
-
TMS Network (TMSN) Powers Up As Cryptocurrency Domain Appears Unstoppable. What Does This Mean For Dogecoin (DOGE) and Solana (SOL)?
-
The Growing Popularity of Crypto Payments: Could TMS Network (TMSN), Alchemy Pay (ACH), and Ripple (XRP) Lead The Way Despite The Whales?
-
DigiFT DEX Raises $10.5M in Pre-Series A Funding Led by Shanda Group
-
Giddy Wallet Announces First-Ever Autogas Feature for Polygon
-
Tezos (XTZ) and Cardano (ADA) Investors Stake Tokens for Passive Income -- Here's Why They Should Invest In TMS Network (TMSN) Instead