The Bankwatch

Tracking the consumer evolution of financial services

Tokenisation of payment solves one problem for Banks but not all future attacks

As banks adopt the new best practise approach of tokenization to ensure that real card information is not passed to merchants, new risks will appear as the potential for breach is shifted upstream to new attack vectors.

Chase Launches Robust Digital Banking Services, Own Wallet Platform Coming Soon

Tokenization ensures sensitive customer data is never passed to the seller, greatly reducing the risk of identity theft and security breaches

Bad guys will seek the next easiest attack approach:

  • Banks that haven’t adopted tokenization still have their customer card information sitting on multiple store databases.
  • Tokens themselves will be subject to attack.  The potential exists to intercept a token and use as a one time payment.
  • Banks own networks and systems.  The source of the token will be a viable attack.
  • A host of other techniques will be developed by criminals.

All this to say that tokenisation is a solution for known attacks and not future attacks.  Constant vigilence and research is required to stay ahead.

Written by Colin Henderson

March 15, 2015 at 23:12

Posted in Uncategorized

%d bloggers like this: