Articles
CEO Discusses Lessons Learned from Historic Data Breach
Identity Theft
July 2010
Tom Field at Bank Info Security interviews Heartland’s CEO Bob Carr to discuss lessons learned from historic data breach. Eighteen months ago, when the Heartland Payment Systems data breach first hit the news, Heartland CEO Bob Carr knew exactly where to turn - to Tylenol. Specifically, Carr sought counsel from the former CEO of Johnson & Johnson, manufacturer of Tylenol, to inquire what his company did to get through the 1982 disaster in which seven people died after bottles of the pain reliever were laced with poison. Tylenol went on to become a leader in tamper-resistant packaging, and Johnson & Johnson went down in business history as a model of crisis management.
Vishing Scam Hits Rural Regions
Card Data Breaches
July 2010
Tracy Kitten at Bank Info Security reports two vishing attacks likely perpetrated by the same scammers, hit several Provo, Utah, residents this week. One automated-phone message called consumers, claiming their debit cards had been closed. The other attack targeted residents in the same region, purporting to be a call about service disconnection from the Rocky Mountain Power company, which provides electricity to Utah, Wyoming and Idaho.
Visa Releases Global Best Practices for Card Data Tokenization
Network Security
July 2010
Visa Inc. announced global industry best practices for tokenization to provide guidance to merchants, vendors, service providers and acquirers and promote safer merchant payment environments. Based on Visa's experience working with the industry and also insights from data compromise investigations, the tokenization best practices are the latest in a series of guidance to help merchants reduce or eliminate sensitive card data from payment systems and simplify data security and compliance efforts.
Looking at Visa's Tokenization Best Practices
Network Security
July 2010
Robert McMillon at RSA’s Speaking of Security blogs Visa issued their initial guidance on tokenization best practices. He states, “Overall, I think Visa presented a good start for the industry. Several other bloggers seem to agree. However, I do have a bone or two to pick with what they propose. The biggest issue that I have is that they seem to be allowing encrypted values to be called tokens, the very thing I cautioned against a few weeks ago.”
.
Perspective: Data Security Standards with Tokenization and Encryption
Network Security
July 2010
Craig Tieken at First Data presents perspectives on what data encryption and tokenization will mean for payments industry standards. He states data that comprises a token is random; the token can have the same 16-character format as a credit card, which is powerful for merchants as it enables them to use it in back-end databases and business applications without modifying those systems. If you are not able to map the token with the individual cardholder, merchants will lose valuable information such as trends and customer buying behavior.
Article archive by topic
Card Data Breaches
Card Fraud
Identity theft
Network Security
Skimming
Smart Cards
