South Korean prosecutors have indicted an engineer accused of stealing the credit card details of more than 20 million people and selling them to marketing firms.
EMV and online payments providers must focus asap on implementing 'unique per transaction PAN tokenization' methods as part of the fight to make the card data stored and spread across merchant and acquirer/processor systems useless for the thieves.
If such dynamic tokens are structured to preserve original PAN BIN/IIN value (for acquirer ro be able to properly route txn) and if they preserve last 4 digits of the original PAN the merchant and acquirer systems will be unaware of such changes and should
continue to function properly and only issuer end points (card and issuer host) will be able to map such token to the original PAN
Such tokens would be then useless for anything if stollen
£150k OTE + benefitsCity of London
© Finextra Research 2014