As National Cyber Security Awareness Month comes to an end, it’s important to set habits now that will carry on throughout the year. There’s no better time to start evaluating your IT system to ensure that it’s up to the task of keeping your customers’ information safe. This year, the NCSAM theme was “Our Shared Responsibility,” so let’s take a few moments to look into some sobering statistics, courtesy of the “Aftermath of a Data Breach Study” by the Ponemon Institute.
Data security is never the responsibility of just one individual. When establishing a strong, secure core cryptographic infrastructure, be sure to create policies and procedures for every group and place that has contact with customer data, from employees to third-party vendors to internal storage.
Just as important as the human factor is ensuring your system has the technology it needs to keep information secure. Consider adding these technologies to enhance the security of your core cryptographic infrastructure while reducing the cost and scope of compliance at the same time:
- P2PE: a data protection method that encrypts sensitive information at the Point of Interaction (POI). The information remains encrypted through transit until it reaches the secure boundary of a FIPS 140-2 Level 3 and PCI HSM validated hardware security module, at which point it is safely decrypted without fear of tampering.
- Tokenization: a storage technology that protects data by removing it altogether, replacing it with an identifier known as a token. In typical financial applications of tokenization, a payment transaction occurs and the merchant retains only the token, which is linked to that specific cardholder account and, by itself, has no worth to fraudsters.
- EMV: a chip-integrated payment technology used to prevent card duplication. Often referred to as PIN and Chip, EMV-enabled payment cards have an embedded cryptographic chip that is used in conjunction with a PIN to verify cardholder authenticity.