Reaction from Richard Blech, CEO of Secure Channels to the new PCI DSS 3.1 standard
We applaud PCI counsel for recognizing that SSL is broken. There’s a dichotomy to the term ‘Best Practices’ – by definition, ‘Best Practices’ does not mean using the broken standard. Upgrading the standards to allow merchants and business partners to protect payment data still leaves companies vulnerable. The vast array of tools that hackers use to get payment data such as RAM scraping needs to be stopped in its tracks by addressing the core problem. The credit card info is being stolen, if it were protected with deep encryption it would not matter.
The solution needs to be defined, designed, developed and deployed. There’s an absolute and unequivocal relationship. PCI-DSS calls out Best Practice techniques in protecting critical information, with a wide-array of controls for front-end, middle-tier, and back-end platforms. While the PCI framework is not the cure for all breaches, it was created as a launch pad to first set up an intermediate technical roadmap; second, to create and energize a forum aligning customers, businesses, and technology; and third, to promote checks and balances for each responsible party, fair to their level of activity.
Traditional Swipe and EMV is still susceptible to well-known and documented RAM scraping malware, which continues to evolve via sophisticated methods. The SSL TLS session intervenes after MiTM active attacks have compromised the Point of Sale terminal; hence all the user data is already stolen. Technologies are available that address the issue at its core where the data is originated and saved by enabling a “Secure Execution” environment, done with great detail to preserving hardened and uncompromising end-to-end security.
Duo Security RSAC 2015 – Register to win a free Quadcopter
About Secure Channels
Secure Channels Inc. is a cybersecurity firm leveraging robust, state-of-the-art patented encryption technologies and authentication solutions compatible with every type of data available today. Fostering innovative disruptive technologies while still being user defined has become a cornerstone for Secure Channels. The development of patented unique processes that harden encryption and envelop resources renders the data unbreakable and useless to the hacker leaving them with only bits and bytes. By using its Proximity Technologies and securing data through IoT Devices, Secure Channels will be delivering real time analytics, payment processing, and data collection to any mobile platform or device. Secure Channels provides impenetrable cybersecurity far in excess of any existing encryption systems available. For more information visit here www.securechannels.com
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.