GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?

Table of Contents

Lead Story

New moves for more mojo in '09


Industry Update

Online shoppers stay the course

Morgan Stanley sues Discover

TARP eases AmEx woes

Is TALF on target?

RBS staves off hackers

Shift4 podcast available


Mt. Snow clear for summit

Getting smart about contactless

Industry Leader

Paul Martaus –
The go-to guy

Selling Prepaid

SellingPrepaid now in print

Prepaid in brief

Going boldly into m-commerce

Achieve wellness with rewards

A new outlook for the unbanked


How to preserve self-regulation

Biff Matthews
CardWare International

A countertop tonic for recession blues

Bulent Ozayaz

Changes afoot, challenges ahead

George Sarantopoulos
The Access One Group


Street SmartsSM:
Become an enterprising networker

Jason Felts
Advanced Merchant Services Inc.

The new age in customer retention

Christian Murray
Global eTelecom Inc.

Rising above recession: 10 tips

Curt Hensley
CSH Consulting

PCI, an aspect of PII

Ross Federgreen, Ken Musante and Theodore Svoronos

PCI: What to hope for in 2009

Tim Cranny
Panoptic Security Inc.

Weathering the coming payment storms

Jeff Fortney
Clearent LLC

Company Profile

Charge Card Systems LLC

New Products

Seek profitable harbor with POS

Harbortouch POS Systems
Company: United Bank Card Inc.

Securing data on the edge

Cipher Security Module
Company: Semtek Corp.


Beyond resolutions

Beyond resolutions



Resource Guide


A Bigger Thing

The Green Sheet Online Edition

January 12, 2009  •  Issue 09:01:01

previous next

Shift4 podcast available

Shift4 Corp., a supplier of secure payment processing services, now offers the podcast "Trying to protect payment data when you can't even find it all." Produced in partnership with StorefrontBacktalk, an online resource focused on retail technology and e-commerce, the podcast is available at

The resource is intended to help merchants simplify Payment Card Industry (PCI) Data Security Standard (DSS) compliance and achieve total security for their payment systems. The podcast captures a conversation between David Taylor, founder of the PCI Knowledge Base and former Security Analyst with Gartner Inc., and J.D. Oder, Shift4's founder and Chief Technology Officer. They discuss card information replacement technologies (CIRT) and how retailers can effectively evaluate alternative payment security solutions. The podcast also covers how information technology departments can regain control of their most sensitive data.

Oder noted that if people don't possess sensitive data, it can't be stolen from them. "I think the key here is to look at this as a very corporate-wide systemic approach and look at all of the data that you're storing, including payment data," he said.

"The less storage you put in the hands of individual employees, the less likely they are to be able to put data in a whole bunch of places, whether it's USB [universal serial bus] sticks on their PCs or in e-mail addresses sitting on their servers," Taylor said.

Keep it secret, keep it safe

Cardholder storage and security is a top priority of financial institutions. And lost cardholder information is a nightmare for payment professionals. According to Oder, sound in-house company security policies need constant review and revision. "You can strictly enforce things, but it's a moot point if the employee does everything right and the company infrastructure fails," Oder said. "The challenge we run into is that policy is simply words. But it's the actions and ability to stay focused on a day-to-day basis that keeps card data in control. Breaches happen when mistakes are made, but simplifying PCI means having the right technology in place."

Taylor believes one of the ways to do this is to move back to business architecture that entails centralized computing and virtual terminal devices. The less storage you put in the hands of individual employees, the less likely they are able to put data helter-skelter in data storage systems.

Taylor noted that it will be "incredibly expensive" to make the necessary changes. "What we really need to do is look at how we reduce the volume of data that is all over the place," he said. "Finding it and purging is a necessary thing. To avoid a regression, we have to greatly confine the sensitive cardholder data we have to as few locations as possible once we find it."

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | Simpay | USAePay | Impact Paysystems | Board Studios