Payment Security Initiatives UnveiledCard Brands Launch New Ways to Secure Transactions
The White House Summit on Cybersecurity and Consumer Protection late last week served as the stage for more than a dozen companies and trade groups to announce new initiatives aimed at securing Internet transactions and payments and reducing fraud.
"The federal government cannot, nor would Americans want it to, provide cybersecurity for every private network," a White House statement says. "Therefore, the private sector plays a crucial role in our overall national network defense."
According to a White House fact sheet, Visa will commit to tokenization, substituting credit card numbers with randomly generated tokens for each transaction by the end of March. And MasterCard will invest more than $20 million in new cybersecurity tools, including the deployment of Safety Net, a new security solution that will reduce the risk of large-scale cyber-attacks.
The card brands also are participating in the administration's Buy Secure Initiative, pledging to collaborate with Apple, Comerica Bank and U.S. Bank to make ApplePay, a tokenized, encrypted mobile payments service, available for users of federal payment cards.
The White House also announced that two trade groups, the Financial Services Roundtable and the Retail Industry Leaders Association, will release two papers aimed at enhancing a collaborative effort to create standards and principles for the development of next-generation technologies to minimize the value of payments information if it's stolen or lost.
Also at the cybersecurity summit at Stanford University, Intel is releasing a new authentication technology that will not rely on a password, but employ other technologies, such as biometrics. American Express is announcing its rollout of new multifactor authentication technologies for consumers. And MasterCard and First Tech Credit Union are revealing a new pilot later this year that would allow consumers to authenticate and verify their transactions using a combination of biometrics, such as facial and voice recognition.
A number of other organizations also are using the summit stage to promote new initiatives, including:
- The Cyber Threat Alliance - which includes security providers Palo Alto Networks, Symantec, Intel Security and Fortinet - is launching a cyberthreat sharing partnership to build best practices and standards consistent with the information sharing executive order being signed by President Obama at the summit (see Obama to Issue Cybersecurity Executive Order).
- The Entertainment Software Association is creating a new information sharing and analysis organization, or ISAO, that will be built consistent with the executive order. Endpoint security provider Crowdstrike also is forming an ISAO.
- Collaboration software provider Box is participating in the standards-development process for ISAOs as well as exploring ways to use the Box platform to enhance collaboration among ISAOs.
- Network security company FireEye is launching its own information sharing network to enable its customers to receive threat intelligence in near-real-time and provide anonymized threat indicators.