Friday, January 15, 2010

'Tokenization' touted to increase credit card data securities (Part 2)

Rescuing the princess
So far, tokenization technology comes in a handful of flavors, with Shift4's 4Go SafeSwipe, EPX's BuyerWall and Merchant Link's TransactionVault being the major ones.

Shift4's Randy Carr likes to use the princess analogy to explain tokenization and the real-world obstacles it faces in the payment industry.

"Say you have a castle with a princess, and all these bad guys keep riding up trying to kidnap her," he says. "The way the industry has approached securities is to put a moat around the castle, bar the doors and windows and put archers on the roof. What we did was ask, 'Why don't we just remove her from the castle?'"

Aye, good move for the princess, i.e. your card data. But not such good news for the folks who make their living by digging moats, barring windows and launching arrows, i.e. the data securities industry.

"If you like selling firewalls and intrusion detection systems and encryption, this is very bad news," says Carr. "We have detractors at every turn. There are people who want to solve the problem, and there are people who don't, who still want to build the moat."

The card brands themselves may pose the most formidable obstacle to tokenization, given that they make a tidy sum each year by charging data securities fees to their merchant customers.

"The reason this technology is not being used is financial," says Carr. "The card companies want to talk about it, hold hearings about it, form a committee, but they don't want to actually solve it. It's like saving the whales: If anybody actually saved the whales, there are going to be a lot of people out of work."

Carr believes the game-changer in the equation is today's hacker. "These aren't college students doing it anymore; they're ex-Soviet operatives, and they're serious guys. They're not there to get 20 card numbers; they're there to get 100 million card numbers," he says.

Their purpose, Carr says, is not to purchase golf clubs, but to fund terrorism, which may explain why the FBI and other intelligence agencies have been inviting Carr and his counterparts for tea.

Carr, for his part, would like to see tokenization become a federal data-securities standard.

"We have issues right now that demand a real solution, not just something you talk about," he says. "You've got to put this in play. I think if Congress were to call all the card brands to the [Capitol] Hill and said, ‘Look, you guys know about this. Why aren't you using it?' they would be hard-pressed to answer that question."


Post a Comment News: Credit cards for small business owners