The Green Sheet Online Edition
October 12, 2009 • Issue 09:10:01
First Data's new dynamic duo
As ISOs examine their expense accounts and plan for the coming year, they may want to consider a First Data Corp. value-add that comes on the market in the first quarter of 2010. Called First Data Secure Transaction Management, the solution combines end-to-end encryption with tokenization to secure cardholder data at the POS and then remove it from the merchant environment, but still give merchants safe access to it when necessary.
As described by Craig Tieken, Vice President of Product at First Data, payment card data is encrypted at the point of capture. The 16-digit card number is then tokenized: it is replaced with a different 16-digit number whose last four digits are the same as the original, and that token is what is stored at the merchant site. "The token is stored in lieu of the card number so that there's nothing to steal," Tieken said.
Merchants can store the token however they want, without fear that a data breach will expose actual card numbers to fraudsters, according to First Data. "It's nothing that can be used to initiate a financial transaction at a point of sale," Tieken said. "They can just send it in the clear. They can store it in the clear. They're not worried about if someone hacks in and thinks they've got a bunch of valuable numbers."
In a white paper entitled "Data Encryption and Tokenization: An Innovative One-Two Punch to Increase Data Security and Reduce the Challenges of PCI DSS Compliance," Tieken wrote that data encryption alone may be sufficient for merchants who do not store cardholder data on site or in off-site servers. But for merchants who do, Tieken advises that stolen data, even if encrypted, can be decrypted if fraudsters have the key. The extra layer of security afforded by tokenization is therefore the way to go, he said.
Just as the new service further secures data, it also promises to significantly reduce merchants' Payment Card Industry (PCI) Data Security Standard (DSS) compliance costs. Tieken's white paper cites a Mercator Advisory Group report that said an outsourced tokenization solution saved one large merchant $2 million annually in compliance costs. Of the 12 requirements of the PCI DSS, Tieken said First Data's encryption-tokenization technology, which is powered by the RSA SafeProxy architecture, touches at least seven.