Reader Forum: Can credit card info ever be safe in this ‘bad new world?’

Editor’s Note: Welcome to our weekly Reader Forum section. In an attempt to broaden our interaction with our readers we have created this forum for those with something meaningful to say to the wireless industry. We want to keep this as open as possible, but maintain some editorial control so as to keep it free of commercials or attacks. Please send along submissions for this section to our editors at: [email protected] or [email protected].
For hackers, it seems to be open season on sensitive financial information. It’s difficult to not be an alarmist with recent events: 100 million credit card numbers stored in the cloud by Sony Corp. in its Play Station Network have been compromised; 2.2 million of those apparently have been hawked by hackers already. Personal information for 5 million people was stolen from Epsilon Data earlier this year. Heartland Payment Systems had 130 million credit card numbers stolen from it in 2009.
Is your most sensitive financial information safe when you give it to a company and let them store it in the cloud? Ask Sony CEO Howard Stringer. He said recently that we’ve entered a “bad new world” where credit card information stored on servers will never be “100% secure.” Can this be true?
Simple problem, too many places storing way too much credit card information
The problem is really quite simple; there just aren’t enough online security experts to go around to service the thousands of companies that need them. Amazon.com Inc., with its myriad online systems probably could (or does) absorb all the really good security experts around. Who’s left for Sony or Verizon Communications Inc. or Epsilon? What’s more, even for the best experts, they are in an arms race with the thieves. It just takes one slip-up to expose millions upon millions of credit card numbers. The truth is, the way systems are set-up today, thieves have the numbers dramatically in their favor. Like a lion hunting wildebeest, a thief can survey the herd of companies storing millions of credit card numbers and take down the weakest one. Sony’s Stringer is right, at some point, the way systems are designed today, Apple Inc., or Google Inc., or Amazon.com, or PayPal, or AT&T Inc., or Comcast Corp., etc., will get compromised too. The worst part of it is, you don’t know which one it will be and it’s likely that more than one of them already has your credit card information stored somewhere.
Simple solution, stop storing credit card information in the cloud
This may sound radical, but if Sony, et al, stopped storing your credit card information in the cloud, the problem is solved. It really is that simple. But, from Sony, et al’s, perspective, how will they make it easier for you to pay for stuff? The financial fall-out of repeated re-entry of credit card information will be catastrophic from their perspective. Apple, and carrier billing before it, has shown that credit card re-entry is a severe barrier to consumer’s parting with money. So, what should they do?
Here’s an idea. What if these companies stored the credit card information only on the user’s device and never stored massive databases of millions credit card numbers in the cloud? Here’s a brief overview of how such a system could be implemented.
Keep the most important information in the most secure, hard to get to spot – the user’s device:
–Credit card information should be stored where it is inputted, i.e. the PlayStation or the iPhone, in encrypted fashion. For example, unbreakable 256 bit 3DES can be used to encrypt the data on the phone. The important thing here is that the encryption/decryption key is not stored on the phone. The key must be stored in the cloud.
Make the cloud a low value target:
–Store decryption keys only in the cloud. This way if Sony gets broken into and a hacker gets all the decryption keys, they have nothing of value because they still need to get access to a user’s phone in order to get access to a single credit card number. This is not only very difficult to do, it’s immensely inefficient.
Secure all the transmission links:
–When a payment is being conducted, transmit the decryption key to the user’s phone over an encrypted SSL link. 1024 bit SSL encryption (which is now commonplace and easy to implement) is basically uncrackable. Attempting to snoop the communication between devices and servers will be relatively fruitless.
Secure access on the device, via a password – so no one but the owner can ask to do a transaction:
–Putting a password wall in front of sensitive information is not that big a hurdle in some circumstances, but when we are talking about a case when the thief has to get access to an individual user device and steal a decryption key, password protection on the device that supplements, as opposed to replaces, the 3DES encryption creates a very effective barrier to automated “man-in-the middle” attacks.
After the credit card number is transacted on the vendor’s server – throw it away:
–It’s critical in this system that the user’s credit card information never be persisted anywhere but on the user’s device. After there has been a request to run the credit card, there is no reason for the vendor to store the user’s credit card information. When a new transaction happens, the user can have their phone send the credit card information then.
Putting this all together, you get a system that works as follows. The user inputs, only once, their information into a digital wallet on the device. When the information is stored, a 3DES encryption key is used to encrypt the credit card number and that encryption key (but not the credit card information) is sent, over an encrypted SSL link, to the cloud for storage. When a user later wants to pay for something, the user enters their password and the device then asks the cloud for the decryption key. The decryption key is sent to the device over SSL, the credit card information is decrypted and sent to the payment processor via SSL. The device immediately removes from its memory the decryption key and the payment processor immediately removes the credit card information from its memory. At no time is there a place where large volumes of credit card numbers belonging to multiple users are stored simultaneously.
Under a system like this, the best a thief can do is steal the user’s device and hack it to steal the user’s information off of it. That is, to steal 1 million credit cards, a thief would have to physically steal 1 million iPhones or PlayStations. Even thieves value their time and the effort it takes to steal a credit card number under this system greatly exceeds a stolen credit card number’s value. It’s time we turned the numbers game around on the thieves instead of making their lives easier.