Merchant Links SecurityCents

Featured Content

by Scott Franklin

Often, the thought of improving your company’s data security posture seems overwhelming. Not only are there questions of what to secure, but larger questions often arise about the desired end-state and how best to overcome the numerous obstacles that arise when implementing any security or compliance program. For example, should compliance be the desired end-state, or is a broader notion of security a more appropriate goal? Equally, should data security be treated solely as a technology problem, or is it better to treat it as a business problem and push for board-level visibility?

Before too many possibilities start swimming in your head, here are 8 steps to help simplify your thinking:

1. Know where and… Read More

by Beth McGarrity

Imagine what it’s like trying to secure a multi-billion dollar online and brick and mortar business.  That’s the task that Carlton Jones, Security Analyst at Staples, Inc. takes on every day.

We interviewed Carlton at RSA 2010 between sessions to find out what it takes to assure customers that each time they buy office supplies their credit card transaction is secure and their data is protected.

Watch the video below to learn about what guides Staples Inc.’s security philosophy from best of class investments to using business cases to making on-going process improvements.

by Beth McGarrity

It’s always interesting to find out what security practitioners, those out in the field, think about the security and compliance challenges they face day in and day out as they secure their networks and customer data.

A few months ago, when we were at the RSA show, we interviewed Jason Stead of Choice Hotels International to find out his thoughts about the security and compliance conundrum.  Does being compliant mean that a company is secure?  Or should compliance be a byproduct of best practice security activity?

Watch the video below to hear Jason’s thoughts.

Merchant Link News

by Tim Kinsella

When Visa released its suggested best practices for tokenization on July 16th, those of us in the industry knew it was just the beginning of a much broader debate on what these guidelines meant and whether or not they really were the best practices.

Merchant Link’s stance is very clear: while Visa’s best practices are a good start and we laud their endorsement of tokenization, there is more to be done. Just what needs to be done and how it needs to happen should be a source of great debate among not only solution providers, but also merchants.

Ericka Chickowski has certainly added to the debate in her recent piece in Dark Reading… Read More

Originally featured on Tnooz

Day Four: Protecting data at rest and data in motion – Tokenization and encryption

As you may have noticed, VISA recently came out with guidelines for tokenization. This is after they already established guidelines for point encryption solutions.

Most believe that this latest guidance is indicative of what we will be seeing in the future from the PCI Security Standards Council.

The use of both tokenization and encryption is necessary to ensure protection of credit card information that is stored as well as information that is in transit.

But first, we must understand how each technology works.

Tokenization is the replacement of a data element (such as… Read More

Originally featured on Tnooz

Day Three: On the horizon… What’s next for PCI DSS?

Recently, VISA, one of the founding members of the PCI Council, made headlines by developing global industry best practices for tokenization.

This guidance was provided to merchants, vendors, and service providers in an effort to promote safe merchant environments.

Tokenization is the process through which a credit card’s primary account number is replaced by a proxy, with no mathematical relationship back to the original number.

By replacing the account number, merchants and processors limit the sensitive data that is stored on their systems thereby significantly reducing the risk that that sensitive data could be stolen by hackers.… Read More