Minum Data Redaction

Published on 10 February 2010

WriteStreams.com is pleased to announce its new Minum Data Redaction (MDR) product. MDR provides physical data security for sensitive bank and credit card information, complementing the electronic data security covered by IBM's just-announced Optim Data Redaction product. Used together, these products can help you achieve PCI DSS compliance with little or no coding.

IBM's new Optim Data Redaction automatically removes account data from documents and forms. You can get that wondrous XXXXXXXXXXX1234 credit card number formatting with little or no effort on your part (apart from buying software, of course).

Our new Minum Data Redaction product extends account number protection to the physical world, protecting the bank cards you carry. Its super-strong rear adhesive and front opaque covering ensure that your sensitive credit card information stays protected. It comes in a variety of colors (including duct silver and black), and our Premium version provides extra thickness to cover embossing.

But seriously now, we go to great lengths to protect electronic card information by encrypting it in stored files (56-bit DES isn't good enough); redacting it on printed receipts, reports, and statements; and setting disclosure requirements that publicly embarrass companies who slip up. Yet our simple payment process requires that we hand all this information over to any clerk or waiter, who usually goes off with it for a while: certainly long enough to copy it all down. PCI DSS offers the classic false sense of security.

I was recently a victim of fraud against my Visa card. A series of small (mostly $5) fraudulent charges hit my account over several days until I closed the account. From what I learned, the charges were only authorized by account number and expiration date; there was no zip code verification. I don't know how the perps got my credit card number, but I doubt they grabbed data from a financial institution in the dark of night, nor devoted the $250,000 and 56 hours required to run an EFF DES crack against it. It probably came from a clerk or waiter who handled my card. My cards, like everyone else's, have account number, expiration date, and CCV printed right on them. Zip code isn't there, but anyone who wants it can just ask to see my driver's license for verification. It's a gaping hole.

Until credit cards gain better physical security, there is no "silver bullet." But banks and card companies could enlist help from their own customers. For example, let me specify which types of charges I would allow/authorize. It would spare consumers the hassles of disputing charges, and would save issuers the dispute processing fees and write-offs.