May 11, 2015

Webinar - Security and PCI-related Aspects of Payment vs. Security Tokenization: What You Need to Know


Interest in using smart devices as our electronic Swiss Army knife for making payments is growing, thanks in part to the launch of Apple Pay, as is the seemingly daily flow of data breach headlines involving major retailers and others; both trends have put a spotlight on the future of secure payments. This is true whether a mobile device and an app are involved or activity occurs via another type of input device, be it a computer or an ATM.




The reality is that with the movement toward using “plastic” or going totally electronic, how best to secure the access to and transfer of personal information, particularly account information, has never been more important. Indeed, thanks to the explosion of applications that will have Primary Account Information (PAN), tokens and payment tokens, the complexity of the IT needed to secure all types of electronic transactions, and the personal data associated with transferring money, is growing as transactional volumes and payment alternatives increase exponentially.

As we have seen from the level of preparedness, or in many cases the lack thereof, of not just customer-facing organizations like retailers but also financial institutions, there is a need to develop a deeper technical and architectural understanding of the available methods of protecting PAN data, and of how security tokenization fits into the end-to-end architecture of payments ecosystems.

This includes having deep expertise in the latest versions of the Payment Card Industry Data Security Standard (PCI DSS), the proprietary information security standard for organizations that handle branded credit and debit cards from the major card issuers like Visa, MasterCard, American Express and Discover. The PCI Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council. It is designed to increase data security and thereby reduce fraud. In addition, compliance, as determined through access to detailed records for auditing, has become the foundation for creating the trust needed for ecommerce of all types to flourish.

In short, there is a lot to know at a high level. More importantly, since virtually every company that accepts non-cash payments knows a little something about the use of tokens and PCI compliance, the state-of-the-art and best practices are paramount as well. This is a case where the devil really is in the details and the details are of major consequence.

If you are concerned about securing personal transactional data, in terms of its accessibility when stored and particularly when it is on the move, to prevent fraud and ensure your company can withstand an audit, a great place to get educated is the insightful webinar, Understanding Security Tokenization and PCI Compliance.

The webinar will be held Wednesday, May 20, 2015, at 10:00 AM PDT / 1:00 PM EDT. Join me and Terence Spies, Chief Technologist, HP Security Voltage, and Matt Getzelman, PCI Practice Director, Coalfire, as we delve into how the tokenization system is secured within the network and how it maps tokens into PANs. Topics to be covered include:

  • The latest on PCI 3.0 and updates related to SSL and TLS encryption protocols and vulnerabilities that can put payment data at risk.
  • Security and PCI-related aspects of payment vs. security tokenization in user networks.
  • Detailed information on the various options for protecting PAN data in multi-platform enterprise environments.

Ready or not, it is inevitable that tokenization of sensitive transactional information and associated personal information will be even more embedded in how business is conducted in the future. More apps are going to want this type of information, more big data analyses will draw upon it as marketers look to build more expansive and contextual profiles to better serve us, and the bad guys are not likely to be easily deterred from ramping up their efforts to exploit vulnerabilities and monetize them.

Protection is available and IT can obtain the tools needed for much greater peace of mind for themselves, their executives and customers alike.  




Edited by Dominick Sorrentino