Data-Centric Security, Wherefore Aren’t Thou?

by in Security

As this Data Breach story reports, the Wawa convenience store chain “discovered malware on Wawa payment processing servers” in December 2019, putting customers who paid with credit cards at risk for fraud.

 This is yet another case where data-centric security (and especially Voltage SecureData Payments) can help companies with data protection. In a system using data-centric security, credit card numbers are encrypted in the payment swipe device, and remain protected until they reach the processor. This way, if malware gets into an organization’s servers, the hackers see only the encrypted values, with no way to decrypt them.

(And for entertainment value, since those protected values would look like real credit card numbers, the thieves might try to sell them on the Dark Web—damaging their own reputation and perhaps lowering the value of such data, further reducing the payoff from such hacks!)

With the majority of the top payment acquirers in the U.S. using Voltage SecureData Payments, such as WorldPay and Epicor, most merchants have no good excuse for not providing data-centric security for payments (and other data stores of personally identifiable information, which can be protected by SecureData Enterprise).

Voltage SecureData Payments—what’s in YOUR payment terminal?