I have been sitting on this blog/thought for a while, but it is even more timely now with the Global Payments breach (reported first by Brian Krebs on his security blog). Global Payments is a merchant acquirer that has contracts with retailers for handling the processing of card transactions (credit cards, debit cards, gift cards of all brands). Though the information about the breach is still being assembled, it is estimated that information about 10 million+ accounts was lost. Though Global specializes in “mom-and-pop shop” transactions, the company itself is very well established ($167 billion worth of transactions last year alone). This breach happened in spite of decent security measures being in place. What is worse is that the data stolen is full “track 1” and “track 2” data, which means that using it, one could easily produce counterfeit cards. (Be on the lookout for unauthorized charges in your account – it is hard to dispute a transaction when someone swipes a card unless you catch it early – I can tell you that from personal experience.)
The problem lies in the complex payment systems that were developed years ago for payment transactions. In those days, security was not on everyone’s mind. That was partly because most of these systems ran on private networks (and leased lines) and the hackers of those days were not that savvy. It is sad, but true, that it is much cheaper for the companies to deal with the breaches than to make their systems more secure. You might recall a serious breach at Heartland Payment Systems a couple of years ago, where they lost about 130 million cards. Last year hackers stole payment card information for more than 100 million customers off Sony’s PlayStation Network. Suffice it to say that in between these events, there were multiple smaller breaches that went unnoticed.
If you are a security architect and are wondering how you can safeguard your company from such disasters, we here at Intel can help you. While we have many solutions that can help in various areas, I would like to talk about a particular solution, our Tokenization Solution – Intel Expressway Tokenization Broker (Intel ETB).
A few years ago, PCI-DSS released a new directive that opened the door for a new concept called tokenization. Of paramount importance when dealing with sensitive data is the overarching need to keep it secure. Up until a few years ago, that was done by encryption. While an encryption solution is very good for what it aims to achieve, the attendant issues (key management, key rotation, encryption strength, etc.) ended up becoming major problems. If a hacker catches a transaction in flight, or hacks into the systems and catches that transaction in memory or in process (where the data might be in the clear), the issue becomes even graver.
In order to avoid this, PCI-DSS released a directive (and updated it late last year with PCI DSS 2.0, Aug 2011) for tokenizing the PAN (Primary Account Number). At the heart of this directive is the fact that if you create a truly random token (i.e., a format-preserving surrogate that is not derived from the PAN), there is no way for a hacker who intercepts that message to get the original information back. Hence, there is no monetary loss if someone were to capture the token in flight or from storage.
Intel provides hardened proxy Token Brokers that one can slide either in front of or behind any application (we support almost all standard protocols and data formats); they sit in the line of traffic and perform these tokenization actions. Essentially that means very little or no work is required on the application/API/service side. By sliding our proxies into the line of traffic, you can ensure that all of the channels are secure and that no one can sneak in.
An application needing the original data can come back to Intel ETB and be provided with it. This can be either a side call (a call to an API to reverse the token) or an in-line reverse translation, so that the receiving application gets the original data without needing modification. In this scenario, only the necessary applications (or the proxies) would know where to go to resolve the token, and such an application would need to be whitelisted. Moreover, the connection can be made as a 2-way mutually authenticated SSL session that establishes the identity of both sides, ensuring that the information travels securely end-to-end.
Tokens are stored in a hardened database which is nearly impossible to breach and which only Intel ETB can connect to. All communication from Intel ETB to the database is secure, and the database, in turn, keeps a whitelist of the tokenization brokers that are allowed to connect to it.
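A minimal illustration of the two flows described above (random, format-preserving tokenization, and reverse lookup restricted to whitelisted callers), written for this post as an added example; it is not Intel ETB code and the `TokenVault` class, the client names and the test card number are constructed. The token keeps the last four digits, is drawn from a CSPRNG rather than derived from the PAN, and is forced to fail the Luhn check so it can never be mistaken for a real card number.

```python
import secrets


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn check used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    """Constructed in-memory token vault (illustration only, not a product API)."""

    def __init__(self, allowed_clients):
        # Only whitelisted callers may reverse a token (detokenize).
        self._allowed = frozenset(allowed_clients)
        # The vault itself still holds PANs: in practice it lives encrypted, on a
        # separate hardened database that accepts connections only from the broker.
        self._token_to_pan = {}
        self._pan_to_token = {}  # so the same PAN always maps to the same token

    def tokenize(self, pan: str, keep_last: int = 4) -> str:
        if not pan.isdigit() or not 13 <= len(pan) <= 19 or not luhn_valid(pan):
            raise ValueError("not a plausible PAN")
        if not 0 <= keep_last < len(pan):
            raise ValueError("keep_last must leave at least one digit to randomize")
        if pan in self._pan_to_token:
            return self._pan_to_token[pan]
        while True:
            # Random digits from a CSPRNG; nothing about the PAN is derivable from them.
            body = "".join(secrets.choice("0123456789") for _ in range(len(pan) - keep_last))
            token = body + pan[len(pan) - keep_last:]  # format preserving: same length, tail kept
            # Reject collisions with existing tokens, and reject tokens that pass Luhn,
            # so a leaked token can never be used as, or confused with, a card number.
            if token not in self._token_to_pan and not luhn_valid(token):
                break
        self._token_to_pan[token] = pan
        self._pan_to_token[pan] = token
        return token

    def detokenize(self, token: str, client_id: str) -> str:
        if client_id not in self._allowed:
            raise PermissionError(f"client {client_id!r} is not whitelisted for detokenization")
        if token not in self._token_to_pan:
            raise KeyError("unknown token")
        return self._token_to_pan[token]
```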
In short, by using the Intel Tokenization Broker (Intel ETB) solution you get:
- Storage and processing using surrogate data rather than the original data.
- Format-preserving tokenization, allowing parts of the PAN to be preserved for internal purposes.
- Handling of any form of data, such as MS Word, Excel, PDF or any other document type.
- The necessary security certifications (CC EAL 4+, FIPS 140-2 Level, etc.).
- The ability to secure the perimeter, secure the edge, and secure the API.
- Reduced PCI scope and protection of cardholder data.
- Deployment anywhere within the enterprise or extended enterprise, including partner locations, or in virtual environments such as the cloud.
- Placement in the DMZ, thanks to a hardened appliance form factor.
- Reduced annual assessment costs.
- Help with compliance issues.
- A hardware-based random token generator.
- Full disk encryption, database storage encryption, Secure Boot/BIOS, Tripwire, and snooping block.
If you are interested in either PAN tokenization or PII tokenization (such as SS#, DOB, etc.), use the bottom link to check out our solution details and reach out to me if you need further information.
Also, check out this whitepaper by Walter Conway, QSA, who is an expert on this subject.
As George Santayana once wrote, “those who cannot remember the past are condemned to repeat it.” I’m hopeful that we will be able to help our customers protect their enterprises so that these things won’t happen in the future.
Andy Thurai, Chief Architect & CTO, Application Security and Identity Products, Intel. Andy Thurai is Chief Architect and CTO of Application Security and Identity Products with Intel, where he is responsible for architecting SOA, Cloud, Governance, Security, and Identity solutions for their major corporate customers. In his role he is responsible for helping Intel/McAfee field and technical teams and customer executives. Prior to this role he held technology and architecture leadership and executive positions with L-1 Identity Solutions, IBM DataPower, BMC, CSC, and Nortel. His interests and expertise include Cloud, SOA, identity management, security, governance, and SaaS. He holds a degree in Electrical and Electronics Engineering and has over 20 years of IT experience.