Big moment for end-to-end security?

If there was anything to be gained from the embarrassing data breaches of 2009--often at the hands of master hacker Alberto Gonzalez--it was this: More attention on the movement toward end-to-end encryption.

Not long after the Heartland Payment Systems mega-breach, CEO Bob Carr pledged to agitate for sweeping changes across the industry. The result was a partnership with Voltage Security to produce the E3 system, a system that protects card data from the moment a card is swiped till its entry into the payment processor's systems.

People in the industry generally seem to be solidly behind the idea of end-to-end encryption. But what the world needs is a standard. Visa has come out with some guidance on the issue. Adoption would of course be facilitated if everyone agreed on the best way to do this. There are other approaches as well. RSA and First Data have a token-based system that would replace sensitive information with random numbers. The Payment Card Security Standards Council is looking at the issue. Hopefully, we'll get some good news in 2010. At least one pundit ranks this as the top issue of the year.

For more on this:
- read this info on Visa's data field encryption
- read this SearchSecurity article

Related Articles:
Data breaches to end up in the courts?
Lawsuit against Heartland updated
Goldman Sachs incident a boon for data loss prevention?