Oracle University leveraged our extensive payments security background to discuss the concerns Oracle users should be aware of in order to adequately defend themselves against fraud. For your reference, we’ve broken the webinar into four main clips that provide a comprehensive overview of the entire session. Take a look below, or click here to view the entire webinar.
The webinar set the stage by drawing attention to the fundamentals of payments security technology:
> Encryption: An algorithm that yields a value that can be decrypted
> Tokenization: The process of substituting a sensitive piece of data with a token that has no extrinsic meaning and cannot return the original value
> Point-to-Point Encryption: Protects data in transit; data is encrypted in one environment and decrypted in another by a P2PE vendor – data does not touch your Oracle system
Operating as an a non-compliant entity has real consequences that should not be ignored. Your PCI compliance status should be at the forefront of your company’s operational priorities.
Risks of PCI non-compliance:
> Legal Fees
> Card Replacement Costs
> Forensic Audits
> Decreases in Stock Equity
> Reputation Damage
> Loss of Business
Spoiler alert: encrypted values can be decrypted! Relying on encryption alone does not protect your Oracle system or your customers
> Cardholder data stored in EBS (even if encrypted) is subject to PCI-DSS requirements
>> It is safer to remove sensitive data from your systems entirely via tokenization
> Although encrypting cardholder data meets PCI requirements, the information can be decrypted, therefore putting your system in a vulnerable position
Meet your new best friend: tokenization
> Tokenization removes all cardholder data from your Oracle system
>> Replacing data with a token makes it significantly more difficult for a hacker to steal sensitive information from your environment
> Tokenization reduces your PCI audit
>> Oracle becomes ‘out of scope’ – this includes all software and hardware
Get these posts delivered straight to your inbox!