The phrase "devalue the data" was used several times by new PCI SSC General Manager Steve Orfei in his keynote today during the PCI Community meeting in Orlando. I like the term - data devaluation - and that's obviously the right direction. It means that payment transaction data, even if intercepted and stolen by hackers, cannot be useful for processing new transactions. In payment card industry it can be achieved by using different technologies and their combinations: EMV, P2PE, and Tokenization. But it took the payment industry several decades to realize that the data must be devalued, and it will take many more years to fully implement such devaluation. Unlike PCI, Bitcoin and other crypto currencies are designed in a way that transaction data has not value by definition. So is it worth making efforts and trying to patch the old technologies in order to achieve the same level of security that new technologies already provide out of the box?
Slava Gomzin
Author of books Crypto Basics, Bitcoin for Nonmathematicians, Hacking Point of Sale
RSS Feed
Copyright © 2011-2022 Slava Gomzin
