The Danger Of Assuming Perfection
August 26th, 2010In last week’s lead story, PCI Columnist Walter Conway wrote a hard-hitting column questioning whether–under very limited circumstances–carelessly used encryption might actually weaken a retailer’s data security. In security circles, it’s heresy to question encryption and, predictably, the emotional reaction to the column was intense.
It’s not often that people challenge our technical conclusions while simultaneously questioning the marital status of our mothers. The column suffered from one key technical error, questioning how easy it would be to extract clues to an encryption key from encrypting the short payment card expiration date field. Walt admitted that error–and explained the context–in his column this week. (By the way, if anyone else wants to yell us at, this week has a column from Frank Hayes that questions the very premise of security passwords. Gluttons for punishment we be, a rare breed of journalistic masochists.) But there’s a bigger issue at play here, a long-standing technology frustration beneath the emotions.
Read more...
The mobile challenge is less about supporting the devices and more about having the skill and tenacity to integrate the ordering app into the multitude of POS networks/software iterations.
-Dan Stiel