Finance Industry Needs Tokenization, Fast
The JP Morgan/Chase data breach set off breach alarms around the world. Widely considered the most well secured financial network, or at least they spend more money than most financial institutions, and yet they were powerless to defend against one of the larger data breaches we have seen. The cyber thieves embedded themselves into the JP Morgan network and were there for years, remaining undetected. The breach affected 13 other financial companies, but more than anything showed the world that any organization WILL be compromised. It is time for financial institutions to adopt tokenization to get rid of the toxic data in their environment. These breaches affect more than just the Payment Card Industry and Wall Street. To take this to a personal level, when your bank account is compromised…it becomes more than just news fodder.
FBI & NSA Are Involved
Each of these high profile data breaches has forced the involvement of the FBI and NSA. They are throwing all of their muscle into finding hackers who want to work for the good guys. To further that point, President Obama has created a new agency that is designed to coordinate cyber threat intelligence that currently is spread across the federal government. This new agency will be modeled after the National Counter Terrorism Center. Their goal is to find the origination of these hacks, which is similar to searching for a needle in a haystack, a very large haystack. Until then, groups like Anonymous will continue outing cyber-terrorists left and right. The bottom line is that the overall data security strategy must change for financial organizations, worldwide. Otherwise, we will continue to read about the latest data breaches as often as we check the weather. There is hope on the horizon.
JP Morgan set off data breach alarms all over the world
22 of the nations largest banks have joined forces to call for sweeping data security changes. Collectively, the banks have experienced that EMV is not the end all to data security. After all, it is a technology that is over 20 years old and was created when there was no Internet. Fraud continues to skyrocket. Securing card not present transactions is the driving force for the push to tokenization and consumer authentication.
Tokenization removes the toxic payment card information (PCI), and personally identifiable information (PII) from your environment, while replacing the toxic data with a token. If the token is breached, the cyber thief is left with a meaningless value. A data breach is inevitable for us all in this day and age, so it is time to implement a security strategy that will not expose the sensitive data when the breach occurs.
The Federal Reserve is Overhauling Their Payments
The Federal Reserve is overhauling their payments with speed and greater levels of security. The new security initiative is calling for standards and tokenization. These new standards include: end-to-end payments, a move to ISO 20022(financial universal messaging scheme), authentication, and tokenization. The shear amount of transactions and the fact that they are target number 1 for hackers has forced them to make these drastic changes. I applaud them for taking aggressive steps to secure their environment, but they will need to layer their security approach in order to truly make their payments secure.
Not all Tokenization is Equal
The main focus with tokenization is that it removes the toxic data from your environment. However, only cloud tokenization truly takes the toxic data out of PCI, PHI, and PII scope. On-premise tokenization solutions store this toxic data in your environment offering no relief for compliance/scope. Cloud tokenization removes the data, but still allows you to use your data for existing business functions. Seems like a no-brainer to me, but there is still reluctance with companies in using cloud-based applications. Organizations like the Cloud Security Alliance (CSA) are leading the charge mandating the highest levels of security in cloud-based environments. TokenEx is a proud member of the CSA.