Reducing Risks and Costs of Sensitive Data Storage
Reducing risks and costs of sensitive data storage
So how do companies reduce the risks and costs associated with sensitive data? There is no silver bullet answer to this equation. However, there are some very viable solutions that can be considered. An article published last year referenced the results of a PricewaterhouseCoopers (PwC) study presented to the participants of a recent PCI Security Standards Council community meeting.
According to the article, the purpose of the study was "to identify a number of technologies that retailers may be able to leverage to reduce their scope in complying" with the PCI DSS. It continued by saying that PwC evaluated 12 technologies and took a deeper look at four: end-to-end encryption, tokenization, magnetic stripe imaging, and virtual terminals.
Based on their findings, it was determined that end-to-end encryption, which encrypts data from point-of-sale at the merchant across the processor's network, may have the most success at reducing PCI compliance scope for merchants. It was further explained, "Tokenization, which replaces card numbers with a token or unique reference number, also has similar possibilities, and can help shift some of the risk and burden of PCI compliance."
Those two technologies identified above-end-to-end encryption and tokenization-currently provide the best solution for companies. When considering whether to implement either technology, a company must always keep in mind that securing the data may not be their core competency. It will consume precious resources of time, money and personnel. Therefore, a company must evaluate if they will build their own solution or turn to a trusted third party to provide those solutions.
Mark Johnson is CIO of ProPay. Mark has over 24 years in the IT industry. Prior to joining ProPay in early 2008, Mark was senior vice president of IT and security officer for one of the nation's Top 25 issuing and acquiring banks. Mark's experience includes software development of financial systems for a multibillion dollar organization, director of computer science for a Salt Lake City-based junior college, and director of technology operations for FranklinCovey. Mark has also served in the United States Air Force as a statistician where he earned the Air Force Commendation Medal. Mark holds a Bachelor's degree in Computer Science from Idaho State University and a Master's degree in Business Administration from the University of Phoenix. Mark is also a Certified Payment-Card Industry Security Manager (CPISM). He can be reached at firstname.lastname@example.org.