All financial institutions and retailers are looking for solutions to protect credit card and other sensitive data from the moment the magnetic stripe of the payment card is swiped through to the end of the payment processing cycle.
The current end-to-end encryption solutions between the merchant system (point of sale or POS device) and the card acquirer offer promising benefits for securing credit card transactions, but do not address the extension of encryption beyond the acquirer host system.
“End-to-end encryption allows protection of data traveling between two nodes without being intercepted or read by anyone except by the sender and the intended recipient. It includes protection of both confidentiality and integrity of the data.”
If it is so secure and protects data during transmission, then why has the adoption been so slow? This is because the extension of end-to-end encryption across the entire transaction cycle is not simple.
To be truly effective, the magnetic card reader would be required to encrypt cardholder information immediately after the swipe and before any transmission, even inside the merchant location. This may present challenges because the account number contains the information needed to route the transaction, requiring at least a portion of the data to be in the clear.
The second biggest challenge is that a financial transaction is processed at multiple stages in transit by different applications and platforms, which require decryption and re-encryption at each transaction point. The points of decryption and the systems handling the credit card number in the clear remain unprotected by end-to-end encryption for even brief periods of time, sufficient to expose those systems to sophisticated attacks. This increases the risk of data being stolen during processing or storage at transaction points.
Additionally, as an authorization transaction message is decrypted and re-encrypted, multiple new encryption keys are necessary and require proper operator management, introducing additional complexity and risk into the authorization life cycle. Improper key management could become a new source of data compromise.
The true endpoint in the payments process is the data on the magnetic stripe stored in the clear on the card, and therefore vulnerable to skimming and cloning. Preventing these attacks would require the use of chip cards or similar technology like tokenization in order to better protect cardholder data, and we are seeing progress here with EMV and mobile payment adoption.
Tokenization substitutes the primary account number (PAN) with a non-sensitive value known as a token. A token is considered non-sensitive and does not require security protection because it has no extrinsic or exploitable meaning or value to an attacker. Tokens can be safely used by any file, application, database, or backup medium minimizing the risk of exposing the actual sensitive data. This approach has become popular as a way to increase security of credit card and e-commerce transactions, while minimizing the cost and complexity of industry regulations and standards.
Tokenization is an evolving technology, and as with many evolving technologies, there is currently a lack of industry standards for implementing secure tokenization solutions. Additionally, the architecture, implementation, and deployment of tokenization solutions can vary considerably, and the risks either created or mitigated by these systems are equally varied. The security and robustness of a tokenization system is dependent upon the secure implementation of four critical components: token generation, token mapping, card data, and cryptographic algorithm and key management.
Tokenization can be implemented independently or in concert with data field encryption for the protection of cardholder information. These cardholder security techniques, when implemented using well-known and trusted algorithms, can likely provide the greatest level of data confidentiality.
What Lies Ahead
Given the rapid increase in processing power, it is obvious that the encryption methods used today will become obsolete in the near future. New methods are being explored, such as honey encryption, which deters – or at least slows down – attackers by serving up fake data for every incorrect guess of the key code and eventually burying the correct key in a haystack.
Another method, quantum cryptography, allows one to distribute sequences of random bits whose randomness and secrecy are determined by the laws of quantum physics. These sequences can then be used as secret keys with conventional cryptography techniques to ensure the confidentiality of data transmissions. In explanation, it is impossible to copy data encoded in a quantum state as the very act of reading data encoded in a quantum state changes the state. This is used to detect eavesdropping in quantum key distribution.
There has been a parallel debate on whether government should have backdoor access or duplicate decryption keys. At present, no technological solution exists that would allow government to have as-needed access to company data. Requiring companies to produce duplicate keys would certainly increase the risk of cyber attacks, but government’s argument has been that terrorist organizations recruit their members through mobile messaging apps that are end-to-end encrypted and may not be intercepted.
All we know for sure is that we must continue to prepare for the unknown. With the Internet of Things, the amount of data has risen exponentially. Discovering new methods to safeguard that data is an exciting challenge for all of us in Information Security.