Fight Social Engineering- Make Your Data Worthless

Logethica

Fight Social Engineering—
Make Your Priceless Data Completely Worthless:

SOURCE: bsminfo.com (ARTICLE DATE: 22nd Aug 2016)

Security involves people and processes, in addition to technology. The most logical weakness is you and I, the human component. Hackers caught on to this years ago, and we’ve become incredibly familiar with weak spots that result in social engineering attack vectors that often trick people into breaking normal security procedures...


Digital disruption in the financial industry has led to a rise in third-party payment systems. The Amazon Store Card, Apple Pay, and Google Wallet are just a few examples. And with them, we’re far less likely to actually use our credit and debit cards at the point-of-sale. In fact, our physical use of cards is arguably becoming obsolete.

This trend isn’t going anywhere, and with it we will continue to deliver more of our personal and account information over the phone, email, and web to banks and retailers without thinking twice. But when this information reaches the contact centers that facilitate these interactions, it can be a gold mine for fraudsters and criminals — especially with the rise of massive data breaches exposing huge amounts of personally identifiable information (PII).

Humans have always been, and always will be, the weakest link in the security chain. Contact centers must do everything to try to ensure that criminals are not socially engineering their employees. More cyber criminals will turn to contact centers as a potential target.

The most effective means of stopping this — and many other types of fraud — is to ensure that, even if the human element is misled, other measures are in place to prevent the looting of payment card and personal information. Many would agree an effective means of protecting against social engineering is to simply leave the data in some format unusable by the criminals. For example, tokenization can be used to replace sensitive data with a unique and meaningless equivalent that has no exploitable value, known as a token. This token is then stored by a tokenization system and acts as an empty stand-in and director to the sensitive information. Many organizations use this to increase the security of critical data and keep it out of reach of cyber criminals...

[To read the full article please visit the link at the top of the page]
What Is Tokenization?
SOURCE: squareup.com

Tokenization is the process of replacing sensitive credit card information with an algorithmically generated, non-sensitive number called a token. Tokenization is primarily used in data security to prevent the theft or misuse of sensitive credit card data, known as a PAN (primary account number)...

Substitution techniques like tokenization have been in practice for decades as a way to isolate data in ecosystems like databases. But more recently, tokenization has seen widespread use as a security tactic—a way to protect and safeguard sensitive information.

Tokenization vs. Encryption
Tokenization replaces sensitive cardholder detail with a stand-in token. This helps secure the customer’s bank account details in credit card and eCommerce transactions.

End-to-end encryption (aka “data field encryption”), on the other hand, encrypts cardholder data at the origin, and then decrypts it at the end destination. Some examples of end-to-end encryption are VPNs, Square's POS system and messaging apps like WhatsApp.

Both tokenization and encryption are used to reduce the scope of PCI Compliance by reducing the number of systems that have access to customers’ credit card information. (For a primer on PCI compliance, check out our PCI Compliance Checklist.)

Is tokenized data reversible?
Tokenized data is not mathematically reversible unless you have the original key used to create the token...

[To read the full article please visit squareup.com- tokenization]
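
The token-and-vault arrangement both excerpts describe, as an added Python example that is not taken from either article or from any vendor's product. The `TokenVault` class, the `payment-processor` role name and the choice to keep the last four digits are assumptions made for illustration; a production vault is a separate, access-controlled service, not an in-memory dictionary.

```python
import hashlib
import hmac
import secrets

def luhn_ok(number: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    digits = [int(c) for c in number]
    for i in range(len(digits) - 2, -1, -2):   # every second digit from the right
        doubled = digits[i] * 2
        digits[i] = doubled - 9 if doubled > 9 else doubled
    return sum(digits) % 10 == 0

class TokenVault:
    """Hypothetical in-memory vault: the only component that ever holds a PAN."""

    def __init__(self):
        self._index_key = secrets.token_bytes(32)  # keys the lookup index only
        self._by_token = {}                        # token -> PAN
        self._by_index = {}                        # HMAC(PAN) -> token

    def tokenize(self, pan: str) -> str:
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_ok(pan)):
            raise ValueError("not a valid PAN")
        idx = hmac.new(self._index_key, pan.encode(), hashlib.sha256).digest()
        if idx in self._by_index:                  # same card, same token
            return self._by_index[idx]
        while True:
            # Random digits: the token is not computed from the PAN, so there
            # is nothing to reverse. The last four digits are kept for receipts.
            body = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            # Retry on collision, and never issue a token that passes Luhn,
            # so it cannot be mistaken for (or used as) a card number.
            if token not in self._by_token and not luhn_ok(token):
                break
        self._by_token[token] = pan
        self._by_index[idx] = token
        return token

    def detokenize(self, token: str, caller_role: str) -> str:
        # Only the payment path may recover the PAN; a contact-center agent
        # who is talked into reading out a record can only disclose the token.
        if caller_role != "payment-processor":     # assumed role name
            raise PermissionError("role may not detokenize")
        return self._by_token[token]
```

Systems outside the vault, including the contact-center desktop, store and display only the value returned by `tokenize`.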
