Payment industry executives and security experts are currently debating over the right way to preserve and protect credit card data. Merchants can choose between a variety of formats, from format preserving encryption, which replaces the 16-digit credit card number with an encryption algorithm to card-based tokens, which substitute a random token with the hope that it could reduce the scope of a PCI DSS assessment.
Robert Griffin, technical director at RSA, the security division of EMC Corp., has been the lead architect in a number of encryption and tokenization projects. In this interview, Griffin, a recognized encryption expert and co-chair of the OASIS Key Management Interoperability Protocol Technical Committee, talks about why RSA's approach to protecting credit card data -- using card-based tokens -- is the most effective way to protect sensitive credit card data from cybercriminals. The security vendor recently released a white paper,Secure Payment Services: Credit Data Security Transformed outlining its position on the technology.

The link for this article located at Search Security is no longer available.