CONTINUE TO SITE »
or wait 15 seconds

Blog

Understanding security in transaction-based monitoring tools

August 14, 2012 by Marc Borbas — VP, Marketing, INETCO

I was doing a product demo the other day for a prospective partner when he asked, "You can actually pick up the credit card number in transactions?"

"Yes," I replied.

"That's great!" he said and we continued with the demo.

We can pick up credit card numbers because we decode application-level messages originating from ATM, POS, online banking, and mobile banking applications using flexible tables that actually pick apart the messages and return individual fields.

Each field is mapped to a data dictionary (e.g., data element 2 in the message is the credit card number) so that it can be used to trigger alerts or execute searches.

Our responsibility doesn't end here. Once the fields are tagged, we apply a security classification. Fields are marked as one of the following:

  1. Forbidden. This information should never be stored or displayed (e.g., track 2 information on a credit card).
  2. Sensitive. This information must be treated in some way before it's stored or displayed (e.g., blank certain digits or replace them with asterisks).
  3. Normal. This information is suitable for display.

Forbidden information is dropped (in memory and never swapped to disk); sensitive information is treated (using non-reversible methods). Along the way, everything is encrypted. All data passing on the wire between the data collectors, the server and the data storage is always SSL encrypted.

We took another step beyond the wire, as well, implementing a FIPS compliant integration with Thales security hardware. This allows us to tie in seamlessly with even the tightest security architectures out there to make sure forbidden and sensitive information is protected in every way possible. Users are not doing any of the encryption in their programming code, and there is no opportunity to compromise their software system.

So yes, we can actually pick up the credit card number in transactions. And yes, it's a great feature. But with great features comes great responsibility. Make hardware encryption a mandatory check box when it comes to investing in your transaction-based monitoring tools.

About Marc Borbas

None

Related Media

Security
Examining biggest ATM security issues and 4 strategies to prevent them
Security
Banking privacy: 5 benefits for banks, customers
Security
Protecting an ATM's hardware, software by slowing down criminals
On-Demand Webinar
A Masterclass in ATM Security: Global Best Practices and Trends
Presented by Diebold Nixdorf

Software
Top 10 ATM software solutions
Software
Examining the past, present and future of XFS
Commentary
ATM features: 5 to include
Special Report
2024/25 ATM & Self-Service Software Trends
Presented by KAL ATM Software GmbH
Recent Posts
Eurasian Bank selects Diebold Nixdorf's self-service software
First National Bank to open 30 branches
Replacing the ATM: Pros and cons of new vs. remanufactured
Romanian man arrested for alleged cash trapping ATM scheme
U.S. Bank resumes crypto custody services


©2025 Networld Media Group, LLC. All rights reserved.
b'S1-NEW'