
May 19, 2015

Webinar - Cyber Risk Management and Compliance, Securing Electronic Payments

The almost daily headlines say it all. While interest in all forms of electronic payments on all types of devices is growing, the vectors of vulnerability are expanding as well, and along with them fears about the ability of bad actors to compromise people's identities and their Primary Account Information (PAN). Indeed, the risk of financial account information being abused is one of the fastest, if not the fastest, growth areas for bad guys looking to monetize their mischief. This has really come to the fore thanks to the growing interest in Apple Pay, whose expanding ecosystem is setting the stage for the much-promised era of our mobile devices becoming our electronic wallets.

The challenge for those seeking to facilitate ease-of-use on any device for electronic payment is how to secure such environments. This encompasses not just data on the move, but also access to data at rest. It also involves having visibility and accountability (an auditable and accessible trail) of such transactions in terms of their compliance with government and industry mandates. 

One would think that, given the explosive growth of electronic transactions, IT departments of companies involved in transactions, particularly large ones where there are literally millions of transactions per month, would be state of the art when it comes to protecting transactional data, especially given the exponential increase in applications that have or will have PAN, tokens and payment tokens.

However, as the headlines again tend to validate, the level of preparedness for assuring a safe transactional environment is not what it should be. And this extends across the board in terms of vertical industries that should be paying closer attention.

In short, there is an increasingly urgent need to develop a deeper technical and architectural understanding of the available methods of protecting PAN data, and of how security tokenization fits into the end-to-end architecture of payments ecosystems. For compliance reasons, this includes having deep expertise in the latest versions of the Payment Card Industry Data Security Standard (PCI DSS), the proprietary information security standard for organizations that handle branded credit and debit cards.

Getting to a level of peace of mind about the protection of what is truly mission-critical information, namely personal transactional data of all types, is a complex undertaking, but one that has a high priority. After all, companies' reputations, and by extension their future financial vitality, are very much at stake.

The questions that arise are whether your company is where it needs to be in terms of managing the risks of cyber attack on transactional information, and whether you can assure that your company can withstand an audit.

If you would like to get educated on best practices in this vital area, participating in the insightful webinar, Understanding Security Tokenization and PCI Compliance, is a great opportunity to do so.

The webinar will be held Wednesday, May 20, 2015, at 10:00 AM PDT / 1:00 PM EDT. Join me and Terence Spies, Chief Technologist, HP Security Voltage, and Matt Getzelman, PCI Practice Director, Coalfire, as we delve into how the tokenization system is secured within the network and how it maps tokens into PANs. Topics to be covered include:

  • The latest on PCI 3.0 and updates related to SSL and TLS encryption protocols and vulnerabilities that can put payment data at risk.
  • Security and PCI-related aspects of payment vs. security tokenization in user networks.
  • Detailed information on the various options for protecting PAN data in multi-platform enterprise environments.

Ready or not, it is inevitable that tokenization of sensitive transactional information and associated personal information will be even more embedded in how business is conducted in the future. The good news is protection is available. In fact, while there are legitimate concerns about the future of electronic payment protection, the fact that these tools and best practices exist is a reason to embrace the prospects rather than fear the risks.  

Edited by Dominick Sorrentino