Ellie Delany

August 9th, 2017

Enterprise Payment Security Tips: What You Need to Know

Our Director of Enterprise Sales, Mark Cuneo, checked into the FinTech Hotseat, a 15-minute Q&A video series hosted by Strategic Treasurer, a leading treasury consulting firm based out of Peachtree City, Georgia, to talk about protecting high priority data. In the interview, Mark explains why all data should not be treated equally when it comes to enterprise payment security and relays other helpful data security tips every IT team should know about.

We’ve summarized Mark’s top tips below, but if you have a few minutes we encourage you to watch the video in its entirety here.

  • Not all data is created equal. No one wants to be hacked. If it does occur, there is a big difference between a cyberattack that results in the release of high priority data versus the release of low priority information.
  • PCI Compliance is not enough. PCI compliance should just be the beginning for any enterprise looking to secure high priority data. The reason is that many PCI compliance guidelines are lagging behind cutting edge attacks. Luckily, there are other security measures companies can adopt to further secure data past PCI compliance guidelines, bringing us to helpful enterprise payment security tip number three.
  • Tokenization is key. There are a few key technologies that allow you to move beyond compliance and implement more security with less effort. Tokenization is one of those technologies because it allows you to remove your ERP system from the scope of PCI audits by replacing high priority data (within the walls of your network) with a valueless token.
  • Tokenization is not encryption. Many people believe tokenization and encryption are essentially the same technology or security tactic. This simply is not the case.
  • When it comes to securing high priority data it is better to be proactive than reactive. When a company is reactive we usually hear about it because the business failed a PCI audit, or worse, has experienced a breach. In the latter case, the organization must find the most immediate resolution to minimize negative outcomes like executive level firings, loss of customer trust, fines and a massive reduction in profits.

What is high priority data, you might ask? It is the data that if exposed, would cause the greatest damage. Some examples include credit or debit card numbers, security codes and any other personally identifiable information that can be traced back to cardholders.

Encryption works by encoding sensitive information like valid credit card numbers utilizing an algorithm. The problem with this security tactic is that the coded values can always be decoded and stolen.

Tokenization is a far superior security solution because it works by taking valid cardholder data and replacing it with a token. A token is not derived from the original value – it is based on a randomized number. This means that even if a data breach does occur and tokens are stolen, the thief will never be able to derive the original credit card number from it.

“To give you an idea of how tokenization works in a different security scenario, imagine someone breaks into your home. You have a safe full of jewelry. The thief cracks into the safe and steals fake jewels. Why does this happen? You thought ahead and proactively prepared for such an incident by taking your real jewels and placing them in a secure vault located within a bank.” – Mark Cuneo

In closing, it is important for enterprise-level organizations to identify high priority data and use measures in addition to PCI compliance to protect it because it is always better to be in a situation where you’re proactively preventing a cyberattack from occurring, rather than frantically reacting to one.

To learn more helpful tips, check out Mark Cuneo’s full interview embedded below.