Page 1 - GS210402
P. 1
April 26, 2021 • Issue 21:04:02
Hardware-grade security for
digital commerce – Part 2
Nikki Estes, digital marketing manager at iCheckGateway.
com (ICG), a payment technology provider, pointed out that
consumers just want fast and simple transactions. "Con-
sumers don't care about back-end technology, where serv-
ers are located or how many are in play," she said. "They
just want to know that they can pay for things where they
are, on the beach or in their cars."
Encryption, tokenization
For decades, payment card readers have encrypted person-
al identification numbers (PINs) to make them unintelli-
gible to hackers, using cryptographic keys that can only be
unlocked by certified key managers. The PCI Security Stan-
dards Council (PCI SSC) requires service providers to use
secure, dedicated facilities when injecting keys into hard-
ware secure modules (HSMs). The Payment Card Industry
Data Security Standard (PCI DSS) also contains guidelines
By Dale S. Laszig for remote key injection using PCI-certified point-to-point
encryption (P2PE).
n an age of anywhere and everywhere commerce,
POS solutions have evolved from fixed points of sale Tokenization, another way to disguise data, uses algo-
to moveable touchpoints in stores, apps and online rithms or token-mapping tables. Foregenix, a UK-based
I channels. The machines supporting these solutions data security consultancy, noted that both tokenization and
can be remotely managed, networked and updated, where- encryption are effective ways to remove sensitive data from
as standalone models require hands-on maintenance, repair merchants' scope. The company reviewed a Bluefin solu-
and replacement. Part 1 of this series explored hardware's tion in Using Bluefin's ShieldConex for Data Protection, a white
role in bringing physical security to digital commerce. Part paper published in March 2021.
2 shares insights from payments leaders about the funda-
mental mechanics behind secure, compliant transactions.
Experts interviewed herein noted that the POS is moving Contributed articles inside by:
from payment-centric devices to distributed points of in-
teraction as consumers increasingly transact on personal Monica Eaton-Cardone ......................................................................18
connected devices, computers, smartphones, tablets and John Tucker ............................................................................................28
wearables. All agree that security must be integral to de-
sign and development of the POS in all its form factors, Tom Byrnes .............................................................................................32
from wristwatches to refrigerators, even when the com- Michael Boukadakis .............................................................................33
merce piece stays hidden in the background.
TOC on page 3
Continued on page 26
