Corporate Finance, DeFi, Blockchain, Web3 News
Corporate Finance, DeFi, Blockchain News

Devaluing sensitive data is the best offense in the cyberwar, claims Aite Group

New research announced today from Aite Group in its latest report, How Tokenization and Encryption Can Take the Wind Out of a Hacker's Sails, shows how the latest innovative encryption and tokenization technologies not only lessen the pace of these attacks but could also leave the hackers dead in the water.

IT and security professionals have always focused on protecting their infrastructure from cyberattacks. Yet, it does not matter how many wins an organization can claim in the cyberwar; it only takes one high-profile loss to call an organization's entire security practice into question, which has proven to be the case with brands like Home Depot and Target.

While all organizations that handle payment card data must adhere to Payment Card Industry Data Security Standards (PCI DSS), this set of standards is merely a baseline, not a panacea against fraudsters. This is why the security industry is so focused on removing the incentive for hackers. If they are unable to obtain any useful data during these breaches, then the damage to the affected organizations, their consumers, and the payments industry as a whole is minimized. Tokenization and encryption are therefore key elements in the set of cryptographic methods that are gaining popularity.

The most recent concept is point-of-capture issuer tokenization. In March 2014, EMVCo introduced specifications that issuers could use in order to provide a token or "digital account" in lieu of the primary account number (PAN). Payment networks provide a specific token each time a payment token is requested on behalf of the issuers, not only for the PAN, but also the platform for which it was requested in a process called identification and verification (ID&V). This locks tokenized payment data into each specific use case. Apple's recently announced Apple Pay, a contactless payment system leveraging NFC technology in the iPhone 6, is the first instance of an organization utilizing issuer tokenization.

“Devaluing sensitive data is the best offense in the cyberwar, so merchants should ensure that all sensitive consumer data is either encrypted or tokenized at the point of capture to avoid any possible data exposure in the event of a breach," says Nathalie Reinelt, analyst in Retail Banking at Aite Group.

Les médias du groupe Finyear

Jeudi 2 Octobre 2014