Welcome to Finextra. We use cookies to help us to deliver our services. We'll assume you're ok with this, but you may change your preferences at our Cookie Centre.
Please read our Privacy Policy.

Accept
Channels
Blog article
See all stories »

Channels

Security Payments

Group

Information Security
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Cairo conference focuses on Data Field Encryption

If Visa’s Payment Security Forum held in Cairo this week is anything to go by, Data Field Encryption projects certainly seem to be on the agenda for banks in the Middle East, Africa, and Eastern Europe. More than 95% of those responding to a quick poll at the conference said they were either considering, evaluating, or were actively engaged in Data Field Encryption projects. Data Field Encryption incidentally, is Visa’s term for what others commonly refer to as end-to-end encryption, and what the PCI-SSC is now calling point-to-point encryption.

 But how should Data Field Encryption projects be approached? The questions from the floor following the speakers’ sessions showed that the conference attendees were eager to learn more. Was tokenization or encryption the most cost effective long term solution? Where are the ends in “end-to-end”?

Deciding which approach to use where must seem daunting to those undertaking a new Data Field Encryption project to enhance payments security. This is not surprising when you consider that a large merchant or acquirer may have scores of systems currently storing card holder data. Which ones legitimately need to store cardholder data? Which ones can be taken out of PCI-DSS scope if a token can be substituted for the cardholder data?

 The use of both tokenization and encryption may well be the answer for larger organisations, particularly in the cards payments space. It makes sense to use encryption to protect data in motion (from the point of capture at the POS to the merchant’s system or to the acquirer for example), data in use and also to protect the original card data at rest.  Tokens can be shared with applications that do not need access to the card data.

However, with encryption now at the heart of many data security strategies, organisations do need to deploy good key management. It is the encryption keys that are used to render the data unreadable, so access to and protection of keys is vital.  Happily, as encryption is a mature technology, Hardware Security Modules (HSMs) are available, and can be used to meet these requirements. HSMs can ensure not only that data is effectively protected using encryption, but that the encryption keys are also well protected and are efficiently and effectively managed.

5180

Channels

Security Payments

Group

Information Security
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Report abuse

Comments: (0)

Join the discussion
Blog group founder

Member since

0

Location

0

More from member

This post is from a series of posts in the group:

Information Security

The risks from Cyber cime - Hacking - Loss of Data Privacy - Identity Theft and other topical threats - can be greatly reduced by implementation of robust IT Security controls ...

See all
Community
See all blogs »
Fintech 

How innovation in encryption is helping secure the credit card approval process

Ghazi Ben Amor

Ghazi Ben Amor

Operational Risk Management 

DORA – Navigating the EU’s Operational Resilience Landscape

Antony Fung

Antony Fung

Fintech 

The importance of risk management in trading

Kate Leaman

Kate Leaman

Digital Identity Management 

Navigating the digital identity landscape: A blueprint for financial services competitiveness

Adam Preis

Adam Preis

Now hiring

See more