Identity theft and card data security in the Wall Street Journal

Brian Waldman

June 24, 2010

Today the Wall Street Journal printed an article about personal identity theft and card data security titled Hackers Aren't Only Threat to Privacy, by Ben Worthen.

Markiyan Malko, Merchant Warehouse's PCI Compliance Officer had some interesting thoughts on the importance of keeping vigilant when it comes to accessing and distributing both personal and financial information.

Having a good amount of experience in the payments industry I can attest to the fact that a surprising amount of breaches occurs accidentally and without anyone actually trying to steal the data. This is why it's important to put systems and solutions in place that will limit the employee's access and ability to distribute the data unless it is essential to their job function. Many of the solutions that are becoming increasingly prominent in the credit card payments industry at this time involve the use of encrypting hardware that eliminates card data from ever being seen in the clear. For example, my company, Merchant Warehouse, deploys encrypted card reader that immediately secures the data right in the read head of the card reader. That data is then passed through the customer's system fully encrypted and sent off for processing where it is then decrypted by the processor/bank. By using this type of solution the customer and their system never sees any sensitive data in the clear which offloads a lot of the responsibilities of securing the data to the payment processor and gives the business owner some peace of mind knowing their employees can't steal or accidentally expose the data.