April 11, 2022 • Issue 22:04:01
Navigating multi-layered security
By Dale S. Laszig

Multi-layered security strategies are top of mind for cybersecurity specialists, and approaches are as varied as individual technologies. The Green Sheet asked six information security leaders for their views on security best practices; their responses reflect a common commitment and diversity of methodologies. This article explores what some experts call a holistic security strategy: ways in which layered technologies secure and protect physical and digital environments.

Andrew Deignan is global vice president of marketing at MagTek, a company that has focused on security for more than 25 years. "We have advocated on behalf of our customers, and ultimately cardholders, that a system reliant on static authorization data will always be a target for threat actors," he said. "As an industry, we have placed the onus on merchants to protect what the issuers expose in plain view on the front and back of the cards they issue."

Deignan acknowledged that progress has been made but suggested the industry focuses too much on compliance and certifications and not enough on practical security. This approach tends to stifle innovation, he noted, while burdening POS devices with multi-level certifications and leaving payments systems vulnerable to theft and fraud.

Until we uncover the root cause of payment data theft and fraud, he added, piling on compliance and certifications will do nothing more than lock the front door while keeping the back door wide open.

Authentication

Deignan pointed out that every payment system relies on an authorization network that issues approvals and declines. Authorizations are binary processes; they say yes, I give my consent to move value, or no, I do not, and if we were to rely solely on authorizations, all kinds of fraud would occur, he stated.

Authentication, on the other hand, is the act of measuring, proving or asserting genuineness, Deignan said. It answers the questions: is it real, is it true, is it valid or is it genuine? If you authenticate cardholders, merchants and issuers, all relying parties could trust the whole transaction, which would remove the incentive for threat actors to steal, he said.

Deignan additionally noted that every transaction has multiple elements to authenticate, such as payor, payee and physical devices, and the authentication process must establish exactly who initiated the payment and is a party to it, as well as exact information about the recipient of the funds. This can be accomplished by authenticating appropriate credentials, which he summarized as "something the user has, knows or is."

Continued on page 26

Contributed articles inside by: Lee Hansen; Natasa Cvijanovic; Nicholas Cucci, C.F.E.; Tyler Kem; Chad Otar