Q&A: Chris Justice of Ingenico

The Tech Herald (TTH): Now that the holiday season has concluded, what are the threats that merchants and/or consumers need to be aware of?

Chris Justice (CJ): Retailers generate a significant amount of their revenues during the Holiday Season. Much of that revenue is generated through the consumer’s use of credit and debit cards. During the 4th quarter, merchants obtain a massive amount of cardholder data, which means that electronic intrusion by unauthorized persons (hackers) may increase during the 1st quarter as employees strive to take a breather from the Holiday workload. 

Data-at-rest, where cardholder data is sitting still within log files and databases, is most vulnerable and the leading cause of security breaches. Yet, many of the most notorious breaches of recent date have come from attacks on data-in-flight, where nefarious software plucks data as it travels through the wire and sends that data to the hacker.

To secure the data in flight, retailers should focus on encrypting data at the outer edges of their network by installing systems that encrypt within the card reader. To protect data-at-rest, the retailer should consider a tokenization system that replaces useful data with a proxy element that contains no real value to anyone outside of the payments value chain.
 
TTH: On the topic of holidays, what were some of the concerns merchants faced recently? What can they do to address them in the future?

CJ: Retailers were primarily concerned with sales forecasts as economic conditions remained stagnant. Putting an all-out effort to lure new customers sometimes means that security concerns take a back seat to other initiatives. While the Holiday Shopping Season has a deadline - hackers don’t.

Since security tends to be more of an arms race, when one side loses focus on the race, the other side often wins. Small vulnerabilities in a retailer’s network or infrastructure can often be capitalized upon to create big opportunities for thieves who gain access to cardholder data.
 
TTH: What type of technology or policies should organizations have in place to address their security concerns?

CJ: Several technologies are important in helping to thwart the efforts of hackers. Encryption at the point of swipe (use reference above), tokenization (above), and data leakage tools that help to identify rogue data storage locations. Security is more than just a focus on technology. It requires a focus on people and processes as well.

Clearly, cardholder data must be tracked in its various forms throughout the infrastructure, it must be contained (segmented), policies must be created to limit access to sensitive data, network policies require almost constant evaluation and monitoring. If security were a baseball game, retailers must hit the ball 100% of the time when it’s pitched in order to win the game. For the hacker, they simply need to hit the ball once in order to win. Thus, retailers must always be more vigilant of their infrastructure to ensure success.

TTH: Considering all you have said, name three things to keep in mind about security.

CJ:

Hackers have got to live too (what can the rest of us do?)

Technology is advancing rapidly. Yet, too many retailers have failed to focus on security more than compliance, the process of simply checking the boxes. Therefore, as sophisticated retailers harden their systems, the hackers move to less sophisticated, less secure merchants in order to hack. Hackers have built a billion-dollar industry from stealing data; they simply aren’t going to go away. They will continue to innovate and find the weakest link in the chain to exploit.

Being secure does not make you compliant: (how to succeed in both areas)

The PCI standards, commonly called the Digital Dozen, contain more than 250 sub points. In order to become compliant with those standards, many retailers have resorted to checking the boxes. While checking the boxes may help, a retailer needs to consider the intent of the standard. Therefore, it’s not always necessary to check all of the boxes to create a more secure environment, which is the point of the standard - create a secure environment.

Reduce scope

The best way to address PCI is to reduce its scope. Properly segment the network to reduce the number of systems and people who can access cardholder data. Use tokenization to eliminate the storage of data wherever possible. Use tokens and the identifier for back office systems that require cardholder data in order to operate. Tokens can be used as replacements for card primary account numbers (PAN) or simply used to generate proxies for cardholder data within each transaction.
