What's Next After the EMV Migration? Tokenization

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7
Next What's Next After the EMV Migration? Tokenization-6 Next

Harden Security with HSM-Enabled Tokenization

Encrypting data via the use of tokens is the first step in protecting critical business and consumer data. The second step is to create and store the cryptographic key that unlocks those tokens. Hardening security means creating a secure key via true random number generation, which relies on the anomalies in physics instead of the constraints of zeros and ones found in software code.

Storing a cryptographic key is just as important as creating it. Software solutions store keys in main memory, which means the system administrator, and anyone else with server access, has access to and the capability to create an extra key to access the data. Hardware-based tokenization instead offers strong security even in the most hostile environments. The module can detect when any attack is happening, in the form of drilling, heat, power blackout or chemical attack, and automatically delete the keys immediately.

As one of the last countries in the world, the U.S. will migrate to an EMV-based payments infrastructure on October 1, 2015. By then, Visa and MasterCard alone will have issued more than 550 million chip and pin cards. While migration to an EMV-based payments infrastructure is a significant step in securing payment data, it won't eradicate all risks.

Typically, payment data flows from the customer in the swipe of the payment card, via the merchant's point-of-sale terminal, to the acquirer and then onward to the card association for payment validation. When an EMV chip is embedded in a card, it helps ensure that the card being used is real and that it in fact belongs to the person using it, thereby drastically reducing the risk of stolen or counterfeit cards in comparison to traditional magnetic stripe cards.

These chip and pin cards are a vast improvement for preventing counterfeit use in comparison to traditional magnetic stripe cards. However, security controls still need to be put in place to protect cardholders' confidential information on payment cards not just at the moment the card is swiped or dipped, but all the way through the transaction process. To secure data in-transit, merchants are turning to tokenization.

In this slideshow, Malte Pollman, CEO of Utimaco, a leading manufacturer of hardware-based security solutions, looks at how merchants will need to take extra steps toward encryption and tokenization if they want to truly secure transactions.


Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

More Slideshows

Compliance4-190x128 GRC Programs: Building the Business Case for Value

Experience shows that organizations that manage GRC as an integrated program — involving people, processes and technologies — are more successful in delivering value to their organizations ...  More >>

Social14-190x128.jpg 10 Ways to Improve Your Social Media Security Policy and Posture

When phone calls, video conference information, pictures, chat logs, etc. are all stored in a central location via social media, a potential hacker has access to just about everything, quickly and easily. ...  More >>

Security120-290x195 5 DDoS Myths Debunked

Unearth the real story behind five commonly held myths about distributed denial-of-service attacks. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.