News

Removing credit-card info seen as key to consumer, merchant security

October 9, 2007

LAS VEGAS - Speakers at the Real Security Summit said the future of credit card payments depends on systems that remove useable card data stored anywhere at the merchant level.

"The technology exists to achieve real security by taking card data out of merchant systems," said J. David Oder, chief executive of Shift4 Corp., the summit's sponsor. "Hackers and bad guys will always be on the attack, so the prudent approach is to minimize risk by not storing data in merchant systems."

What was described by Jonathan Rusch of the U.S. Department of Justice as a "global security epidemic" is fueled by terrorist groups and organized crime turning to credit card fraud as a ready source of cash.

"Terrorists are always learning and exploiting the system," he said. "The key is to stop the problem at its source," said Dennis Lormel, a former white-collar crime expert for the Federal Bureau of Investigation who now works with Corporate Risk International.

Merchants are now being pushed by the industry, summit speakers said, to choose payment processing that outsources the risk by not storing any credit-card data at the merchant level.

With the possibility of heavy penalties and customer backlash in the event of a data breach, merchants were urged to investigate new technologies that go beyond complying with standards to create real security that can be sustained.