RSA, the security division of EMC released a new security brief detailing how advanced security technologies can be combined with emerging outsourced services to relieve merchants of the growing burden of storing electronic payment card information. In the brief, "Secure Payment Services: Card Data Security Transformed," experts from companies including RSA, First Data Corporation and Visa urge merchants to rethink how they manage card data, asserting that they can gain better business insight and value without having to keep card numbers at all.
When it comes to maintaining credit card data, merchants face increasing challenges as IT demands expand, PCI requirements escalate and credit card thieves grow more sophisticated. Within this environment, the new RSA Security Brief introduces a model for outsourcing credit card data security called "secure payment services." Secure payment services transfer safeguarding card information to outside service providers, improving electronic card data security while simultaneously reducing the time, complexity and cost of achieving PCI compliance for merchants.
Tokenization and encryption play essential role
RSA's new Security Brief outlines how next-generation payment processing services take advantage of end-to-end data encryption and a newer technology called "tokenization." Data encryption obscures card numbers by scrambling them in a reversible format. Tokenization replaces card numbers altogether with safe proxies that can't be fraudulently used for purchases, but still allow merchants to track and analyze the customer purchasing behaviors associated with each payment card. The security brief describes a model for using end-to-end encryption and tokenization together to render card numbers unusable when intercepted by thieves.
RSA's latest security brief, "Secure Payment Services: Card Data Security Transformed" examines the external conditions fueling the need to rethink traditional payment paradigms, the innovative technologies that are enabling new approaches within the enterprise and the opportunities driving the risk of outsourced secure payment services. The brief also provides practical guidance on what merchants should look for when evaluating secure payment services providers.
An RSA Speaking of Security Podcast is also available featuring RSA's Branden Williams addressing why he believes merchants will be adopting the Secure Payment Services model to manage payment card risk. Authors of the RSA Security Brief include:
- Dr. Anton Chuvakin, Principal, Security Warrior Consulting
- Sam Curry, Chief Technology Officer, Global Marketing, RSA, the Security Division of EMC
- Robert Griffin, Director of Solution Design, Data Security Group, RSA, The Security Division of EMC
- Craig Tieken, Vice President, Merchant Product Management, First Data
- Branden Williams, Director, Security Consulting, RSA Security Practice of EMC Consulting
- Steven Wilson, Vice President, Payment Security and Reputational Compliance, Visa Europe
RSA Security Briefs are designed to provide IT leaders with essential guidance on today's most pressing information security risks and opportunities. Each Security Brief is created by a select response team of experts who mobilize across organizations to share specialized knowledge on a critical emerging topic. Offering both big-picture insight and practical technology advice, RSA Security Briefs are vital reading for today's forward-thinking security practitioners.