Page 27 - GS230901

Cover Story




Thwart emerging threats

As security analysts have noted, fraudsters are also evolving at the speed of payments, which makes complacency another potential failure point in a payment transaction's journey. Verizon's "2023 Payment Security Report Insights" white paper, published Aug. 23, 2023, advocated an approach to protect against emerging threats that integrates "requirements from various security standards into a single set, such as applicable PCI security standards (the Data Security Standard [DSS], PIN Transaction Security, Point-to-Point Encryption [P2PE], 3-D Secure [3DS], Secure Software) as well as other regulations (Society for Worldwide Interbank Financial Telecommunications [SWIFT] Customer Security Control Framework [CSCF])."

The ultimate goal of PCI, Verizon researchers noted, is not compliance, but effective, sustainable data protection, backed by continual improvement.

Devalue data

As payment transactions travel across touchpoints and regions, the data they carry needs to be encrypted and tokenized immediately upon acceptance, Miles noted, beginning with the initial swipe, dip or tap of payment at a certified POS terminal, so the data is not accessible as it flows through the payment chain.

"Data devaluation needs to be first and foremost in the transaction journey," he said. "Online, information that is entered into a web form or ecommerce page should be tokenized upon submittal, including sensitive customer information—essentially masking this data as it flows through the payment chain and replacing the data for storage with tokens that represent the data but do not reflect the actual values."

Miles went on to say that most modern payment providers offer secure payment frames that combine iFrame technology with real-time tokenization. This is not to discount standard security measures, he added, such as firewalls, transaction monitoring, penetration testing, patching and more. These are all part of having a layered cybersecurity strategy.

"Building higher walls to keep the fraudsters out is no longer an option because of the myriad of data entry points in today's omnichannel payment experience," Miles said. "You must render the data useless to protect the merchant, the payment chain and the consumer."

Dale S. Laszig, senior staff writer at The Green Sheet and founder and CEO at DSL Direct LLC, is a payments industry journalist and content strategist. Connect via email dale@dsldirectllc.com, LinkedIn www.linkedin.com/in/dalelaszig/ and Twitter https://twitter.com/DSLdirect














































