Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

6/22/2010
04:54 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Payment Card And Data Security Leaders Predict Transformation in Merchant Card Data Management

Emerging services and technologies reshape electronic payment landscape by shifting focus from risk protection to risk removal

BEDFORD, Mass., June 22 /PRNewswire/ -- Today RSA, the Security Division of EMC (NYSE: EMC) released a new security brief detailing how advanced security technologies can be combined with emerging outsourced services to relieve merchants of the growing burden of storing electronic payment card information. In the brief, "Secure Payment Services: Card Data Security Transformed," experts from companies including RSA, First Data Corporation and Visa urge merchants to rethink how they manage card data, asserting that they can gain better business insight and value without having to keep card numbers at all.

When it comes to maintaining credit card data, merchants face increasing challenges as IT demands expand, PCI requirements escalate and credit card thieves grow more sophisticated. Within this environment, the new RSA Security Brief introduces a model for outsourcing credit card data security called "secure payment services." Secure payment services transfer safeguarding card information to outside service providers, improving electronic card data security while simultaneously reducing the time, complexity and cost of achieving PCI compliance for merchants.

"The benefits of secure payment services can be significant. We believe many merchants will move to an outsourced services model by 2015," said Craig Tieken, Vice President, Merchant Product Management, First Data. "As the merchant responsibilities associated with storing payment card data continue to increase, these new centralized repositories allow merchants to preserve all the marketing and operational advantages of tracking card information while transferring a large portion of the risk by removing the card numbers from the merchant's card environment. This shift will create a new industry standard for securely processing credit, debt and other payment card transactions."

Tokenization and Encryption Play Essential Role

RSA's new Security Brief outlines how next-generation payment processing services take advantage of end-to-end data encryption and a newer technology called "tokenization." Data encryption obscures card numbers by scrambling them in a reversible format. Tokenization replaces card numbers altogether with safe proxies that can't be fraudulently used for purchases, but still allow merchants to track and analyze the customer purchasing behaviors associated with each payment card. The security brief describes a model for using end-to-end encryption and tokenization together to render card numbers unusable when intercepted by thieves.

"Secure payment services based on encryption and tokenization will radically transform how most merchants handle payment card data," said Sam Curry, RSA's Chief Technologist. "Just as bank accounts insured by the FDIC provided a better way for people to save cash than stashing it inside their mattresses, this new generation of outsourced secure payment card services will provide a way for merchants to track and use payment card data that is vastly superior to keeping actual card numbers within the enterprise."

RSA Security Brief on Secure Payment Services Now Available

RSA's latest security brief, "Secure Payment Services: Card Data Security Transformed" examines the external conditions fueling the need to rethink traditional payment paradigms, the innovative technologies that are enabling new approaches within the enterprise and the opportunities driving the risk of outsourced secure payment services. The brief also provides practical guidance on what merchants should look for when evaluating secure payment services providers. The brief is available to download from RSA's website at: http://www.rsa.com/document.aspx?id=10990

An RSA Speaking of Security Podcast is also available featuring RSA's Branden Williams addressing why he believes merchants will be adopting the Secure Payment Services model to manage payment card risk.

Authors of the RSA Security Brief include many of the industry's foremost leaders in payment card security:

-- Dr. Anton Chuvakin, Principal, Security Warrior Consulting -- Sam Curry, Chief Technology Officer, Global Marketing, RSA, the Security Division of EMC -- Robert Griffin, Director of Solution Design, Data Security Group, RSA, The Security Division of EMC -- Craig Tieken, Vice President, Merchant Product Management, First Data -- Branden Williams, Director, Security Consulting, RSA Security Practice of EMC Consulting -- Steven Wilson, Vice President, Payment Security and Reputational Compliance, Visa Europe

RSA Security Briefs are designed to provide IT leaders with essential guidance on today's most pressing information security risks and opportunities. Each Security Brief is created by a select response team of experts who mobilize across organizations to share specialized knowledge on a critical emerging topic. Offering both big-picture insight and practical technology advice, RSA Security Briefs are vital reading for today's forward-thinking security practitioners.

About RSA

RSA, The Security Division of EMC, is the premier provider of security solutions for business acceleration, helping the world's leading organizations succeed by solving their most complex and sensitive security challenges. RSA's information-centric approach to security guards the integrity and confidentiality of information throughout its lifecycle -- no matter where it moves, who accesses it or how it is used.

RSA offers industry-leading solutions in identity assurance & access control, data loss prevention, encryption & key management, compliance & security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.

About EMC

EMC Corporation (NYSE: EMC) is the world's leading developer and provider of information infrastructure technology and solutions that enable organizations of all sizes to transform the way they compete and create value from their information. Information about EMC's products and services can be found at www.EMC.com.

RSA and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. All other company and product names may be trademarks of their respective owners.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps,  11/19/2019
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-13157
PUBLISHED: 2019-11-22
nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitary files via directory traversal sequences in a filename within nsz archive.
CVE-2012-2079
PUBLISHED: 2019-11-22
A cross-site request forgery (CSRF) vulnerability in the Activity module 6.x-1.x for Drupal.
CVE-2019-11325
PUBLISHED: 2019-11-21
An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.
CVE-2019-18887
PUBLISHED: 2019-11-21
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel.
CVE-2019-18888
PUBLISHED: 2019-11-21
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command. T...