Page 54 - GS140501
P. 54
Views (continued from page 37)
the new smart wallet channel to better find and keep not a traditional hacker, to get card data," Getzelman said.
customers." "Criminal syndicates are going after easy targets, and
people need to ask, 'Are we the low-hanging fruit?'"
Getzelman identified three areas in which we, as an
industry, failed to stop hackers in recent high-profile
breaches. "First, attackers had to get malware... We had a
chance to prevent these programs from getting into retail
environments, and we failed," he said. "Second, we were
unable to prevent propagation across the organization
instead of restricting it to one location.
"And finally, they had to be able to access the cardholder
data and route it out of the environment. So we had
three opportunities to stop and mitigate the attacks, and
we blew it." Ultimately, security solutions have to be a
combination of everything applicable, he added.
"One exciting thing is the emerging payment technologies
Matt Getzelman, PCI Practice we're seeing offer additional options for merchants to
Director at Coalfire Systems Inc. protect data at the source. Point-to-point encryption,
EMV chip and PIN in the United States are going to be
This is the first year Coalfire Systems Inc. exhibited at the tools that protect sensitive data at the point of interaction,
ETA's premier event. Matt Getzelman, PCI Practice Director
at Coalfire, said he and his colleagues have attended in so I would implore organizations to explore and research
these technologies now."
prior years and made so many good connections they
opted for a booth this time around to provide a dedicated
place to meet with current and prospective partners and
clients. And at the Coalfire booth, the buzz phrase was
"defense in depth."
What Getzelman means by defense in depth is for
businesses to have multiple layers of security, and to
think of it as a holistic process, not as just something to
check off and forget about. He said the recent large data
breaches serve as reminders that it's time for organizations
to reevaluate their security and compliance, especially
merchants and processors.
"There's an explosion of malware and easy-to-use tools on BlueSnap Inc. executives:
the black market, so it's easier than ever, even if you're Ralph Dangelmaier, Chief Executive Officer
Kelly Seelig, Vice President, Marketing
What Getzelman means BlueSnap Inc. Chief Executive Officer Ralph Dangelmaier
and his colleague Kelly Seelig, the company's Vice
by defense in depth is President, Marketing, want to bring the world to U.S.
for businesses to have ISOs and merchants, so at Transact 14 they were wining,
dining, networking and helping to inform their industry
multiple layers of security, peers. To that end, Dangelmaier ran an educational
session at the conference on doing business in the BRIC
and to think of it as a (Brazil, Russia, India and China) region; Seelig was the
moderator for a session on marketing.
holistic process, not as just Dangelmaier said interest in the BRIC session was
something to check off and strong. "We had someone from Russia, from Brazil, from
India, and someone representing China Union Pay who
forget about. is American, but knows China very well," he said. "We
explained how the local people in those countries want to
buy goods online using local currencies, local languages,
and local payment types – and the need to educate ISOs
and merchants on that."
54
the new smart wallet channel to better find and keep not a traditional hacker, to get card data," Getzelman said.
customers." "Criminal syndicates are going after easy targets, and
people need to ask, 'Are we the low-hanging fruit?'"
Getzelman identified three areas in which we, as an
industry, failed to stop hackers in recent high-profile
breaches. "First, attackers had to get malware... We had a
chance to prevent these programs from getting into retail
environments, and we failed," he said. "Second, we were
unable to prevent propagation across the organization
instead of restricting it to one location.
"And finally, they had to be able to access the cardholder
data and route it out of the environment. So we had
three opportunities to stop and mitigate the attacks, and
we blew it." Ultimately, security solutions have to be a
combination of everything applicable, he added.
"One exciting thing is the emerging payment technologies
Matt Getzelman, PCI Practice we're seeing offer additional options for merchants to
Director at Coalfire Systems Inc. protect data at the source. Point-to-point encryption,
EMV chip and PIN in the United States are going to be
This is the first year Coalfire Systems Inc. exhibited at the tools that protect sensitive data at the point of interaction,
ETA's premier event. Matt Getzelman, PCI Practice Director
at Coalfire, said he and his colleagues have attended in so I would implore organizations to explore and research
these technologies now."
prior years and made so many good connections they
opted for a booth this time around to provide a dedicated
place to meet with current and prospective partners and
clients. And at the Coalfire booth, the buzz phrase was
"defense in depth."
What Getzelman means by defense in depth is for
businesses to have multiple layers of security, and to
think of it as a holistic process, not as just something to
check off and forget about. He said the recent large data
breaches serve as reminders that it's time for organizations
to reevaluate their security and compliance, especially
merchants and processors.
"There's an explosion of malware and easy-to-use tools on BlueSnap Inc. executives:
the black market, so it's easier than ever, even if you're Ralph Dangelmaier, Chief Executive Officer
Kelly Seelig, Vice President, Marketing
What Getzelman means BlueSnap Inc. Chief Executive Officer Ralph Dangelmaier
and his colleague Kelly Seelig, the company's Vice
by defense in depth is President, Marketing, want to bring the world to U.S.
for businesses to have ISOs and merchants, so at Transact 14 they were wining,
dining, networking and helping to inform their industry
multiple layers of security, peers. To that end, Dangelmaier ran an educational
session at the conference on doing business in the BRIC
and to think of it as a (Brazil, Russia, India and China) region; Seelig was the
moderator for a session on marketing.
holistic process, not as just Dangelmaier said interest in the BRIC session was
something to check off and strong. "We had someone from Russia, from Brazil, from
India, and someone representing China Union Pay who
forget about. is American, but knows China very well," he said. "We
explained how the local people in those countries want to
buy goods online using local currencies, local languages,
and local payment types – and the need to educate ISOs
and merchants on that."
54
