July 15, 2009
-
Electronic Identity Systems, Pt.2
Cryptographic.Cryptographic security mechanisms scramble the credit card information at the point of sale prior to sending the information over the internet. After the information is scrambled, it is translated into cyber-text using a designated key. Cryptographies limit the number of individuals privy to the information. Because the credit card information is scrambled before it enters the internet, information has a higher protection level. An effective Cryptography provides high security for the key and limits the number of individuals from accessing the decryption key. The design of the key must also be highly complex and not easily broken by a supercomputer. There are two principal methods of cryptography, Shared Key and Public Key cryptography. The shared key is generally used in a credit card transaction security mechanism.
With a shared key cryptographic system, two parties, retailer and payment processing company, share the same unique code/key. During the credit card transaction process, the retailer’s system encrypts the data prior to transmission and the payment processing company decrypts it upon receipt. Cryptography has been around for years; however, more creative thieves have found numerous methods in cracking some of the older simpler codes. However, today we have some very sophisticated systems that have made the process more effective. Just released is the Thales nShield Connect 6000. Thales, a leader in information systems and communications security, announced their new hardware security module for security systems that protect personal data. Thales new nShield should prove to be valuable in protecting credit card and consumer identity information thereby significantly reducing the number of information breaches.
Despite the fact that cryptography has become more sophisticated and nearly impossible to crack, there remains a high dependency on the human factor in protecting the code. Not very comforting for the credit card customer who has to rely on the integrity of several entities including the merchant, payment processing company, and bank before, during, and after a transaction.