Why Is End-to-End Encryption So Daunting? Data Protection Expert Highlights Key Issues
Richard Moulds
Retail point-of-sale breaches at Target Corp. and Neiman Marcus have put a spotlight on payment card security and encryption. But achieving true end-to-end encryption isn't easy, says data protection specialist Richard Moulds.

Moulds, a data protection specialist for data-security firm Thales e-Security, says in an interview with Information Security Media Group that the industry is focused on the need for standardized practices that protect cardholder data, from the time it is accepted at the POS to the time the payment is settled with the acquiring bank.

Encryption can help protect data, but unless it's truly end-to-end, which is not the case in most retail environments today, card data can still be exposed, Moulds says.

The exposure of unencrypted card data was a focal point of recent Congressional hearings surrounding the Target and Neiman Marcus breaches. Both retailers were attacked by malware that ultimately exposed credit and debit data collected in the clear at the point of sale before it was encrypted as the transactions were processed (see Breach Hearings: How Did Security Fail?).

Managing Keys

One reason end-to-end encryption is difficult to achieve is that managing the keys required to decrypt card data gets more complicated as more players become involved, Moulds says.

"The real challenge, when it comes to deploying encryption, is keeping the keys secret," Moulds contends. The more entities that need to have access to the keys that decrypt card information, the more risk increases, he says. This is especially true in the payments chain, Moulds says.

"Really, it's all about the key management," he says. "And that becomes a significant thing to manage, and a burden."

During this interview, Moulds discusses:

At Thales e-Security, Moulds serves as the vice president of product management and strategy. He has helped to redefine the boundaries of encryption management for numerous global enterprises.
