Wednesday, September 23, 2009

First Data and RSA to Provide Tokenized Card Processing

As you know, I pretty much constantly complain that no one ever does anything to inherently make better the state of data security when it comes to credit cards. The brands are always blame shifting, and merchants get left holding the liability bag and paying for everything.

Well, I'm not going to suggest that First Data has solved all of these problems, but what I will say is that I think they've put a stake in the ground with this new service. Their new "Secure Transaction Management" (STM) service utilizes RSA's tokenization technology on the endpoints to minimize the usage of credit card data throughout the enterprise. Partnering with RSA on this product gives some credence to it. Merchants aren't inclined to trust a payment processor who makes claims about the security of a technology unless a trusted 3rd party gets involved and makes it so.

This obviously isn't my Utopian solution. I think card data needs to be public key exchange based, starting on the card. I realize that this makes me some sort of fringe lunatic thinker. However, given that wholesale changes at Visa aren't likely, First Data's STM seems like a pretty good idea.

The only concerning part of the press release was this:

"The service uses First Data infrastructure by storing credit card data in secure servers for future retrieval by the merchant if necessary, while returning tokens to the merchant for use in their systems, Capellas said."

There's still a certain amount of faith that this product places in the merchant to determine what is "necessary." People like to store things that they're not supposed to, and making the data available to them practically guarantees that they'll find a way to use it inappropriately.

That said, this is the first time I've seen a payment processor take an active role in providing a product which has a security provision layer as a core part of the offering. Nice work, guys.

One piece of advice:

Keep an eye on those "secure servers" that store data for "future retrieval."
