Page 1 - GS140201
P. 1
February 10, 2014 • Issue 14:02:01
Is hardware, not software, the true
security solution?
he investigation into the Target Corp. breach
that occurred over the 2013 holiday season con-
tinues to evolve. Target has raised the number
T of compromised card accounts from 40 million
to 70 million, while other reports have put the number at
well over 100 million.
Details about the attack itself have also emerged. The
"memory scraping" malware used in the hack originated
in Russia and was called BlackPOS. The same type of
malware was reportedly used in attacks on at least six
U.S. retailers recently, including upscale department store
retailer Neiman Marcus, where 1.1 million cards were
reportedly breached.
But what is not getting as much media attention is that
the problem of data security goes beyond the well-
documented deficiencies of mag stripe payment card
technology. According to smart-card firm Tyfone Inc.,
the fatal flaw of the global security infrastructure is that
it is software-based. Tyfone said cardholder data, not to Don Bloodworth, Chief Financial Officer at Tyfone,
mention all other kinds of enterprise data, is stored in believes that even if software security is strengthened,
the cloud, and that data is accessed via public networks that will not take care of the problem. "Software is easier
fraudsters can easily penetrate. to deploy and scale," he said. "But this is one area where it
is very difficult to support the fact that software can solve
"We have put all of our assets in the cloud," said Dr. Siva this problem. It really can't."
Narendra, co-founder and Chief Executive Officer at
Tyfone. "All of our eggs are in one basket − trillions and Tyfone said the solution is to transfer security from
trillions of dollars in the basket. What do we do to protect software in the cloud to hardware controlled by each
it?" The answer too often is that protection is an easily individual cardholder. Tyfone supports the migration
hackable login and password. of the mag stripe-based U.S. payments ecosystem to the
Europay/MasterCard/Visa (EMV) smart card solution.
When EMV is employed, cardholder data is stored in a
Contributed articles inside by: secure chip embedded in plastic cards.
Thus, instead of hackers remotely hacking into a database
Ken Musante ........................................................................................32 stored in the cloud to steal information from millions
Dale S. Laszig ...................................................................................... 44 of accounts, they would have to hack into millions of
Vicki M. Daughdrill ............................................................................ 48 individual EMV cards physically held by the cardholders
Adam Atlas ............................................................................................52 to steal that same amount of data.
TOC on page 3
Continued on page 39
