RCR Wireless
  • News
  • Channels
    • 5G
    • 6G
    • BSS OSS
    • Carriers
    • IoT
    • Network Infrastructure
    • Open RAN
    • Private 5G
    • Telco AI
    • Telco Cloud
    • Test & Measurement
  • Resources
    • Reports
    • Webinars
    • White papers
    • AI Fundamentals
    • Analyst Angle
    • Editorial Calendar
    • Fundamentals
      • 5G NR Release 17
      • AI
        • Telco AI in 2025
    • Podcasts
      • Let’s Get Digital with Carrie Charles
      • Wireless Connectivity to Enable Industry 4.0 for the Middleprise
      • Well Technically…
      • Will 5G Change the World
      • Accelerating Industry 4.0 Digitalization
  • AI Infrastructure
  • Programs
  • Events
  • RCRtv
  • Advertise
  • Subscribe
Saturday, July 18, 2026
RCR Wireless
  • News
  • Channels
    • 5G
    • 6G
    • BSS OSS
    • Carriers
    • IoT
    • Network Infrastructure
    • Open RAN
    • Private 5G
    • Telco AI
    • Telco Cloud
    • Test & Measurement
  • Resources
    • Reports
    • Webinars
    • White papers
    • AI Fundamentals
    • Analyst Angle
    • Editorial Calendar
    • Fundamentals
      • 5G NR Release 17
      • AI
        • Telco AI in 2025
    • Podcasts
      • Let’s Get Digital with Carrie Charles
      • Wireless Connectivity to Enable Industry 4.0 for the Middleprise
      • Well Technically…
      • Will 5G Change the World
      • Accelerating Industry 4.0 Digitalization
  • AI Infrastructure
  • Programs
  • Events
  • RCRtv
  • Advertise
  • Subscribe
Add RCR Wireless as a preferred source on Google
  • Qualcomm 6G Insights
  • Huawei Content Hub
  • Qualcomm – 6G Vision
  • OSS/BSS Channel
  • RCRTech Roundtable: AI Infrastructure
RCR Wireless
RCR Wireless
  • Advanced Mimo
  • Mobile mmWave
  • 5G Positioning
  • Green Networks
  • Metaverse
  • Automotive
  • Industrial and Wide-area IoT
Copyright 2021 - All Right Reserved
Home - Reader Forum: Can credit card info ever be safe in this ‘bad new world?’
Reader Forum

Reader Forum: Can credit card info ever be safe in this ‘bad new world?’

by RCR Wireless News June 13, 2011
written by RCR Wireless News June 13, 2011 Share
LinkedinEmail
Share 0LinkedinEmail
79

Editor’s Note: Welcome to our weekly Reader Forum section. In an attempt to broaden our interaction with our readers we have created this forum for those with something meaningful to say to the wireless industry. We want to keep this as open as possible, but maintain some editorial control so as to keep it free of commercials or attacks. Please send along submissions for this section to our editors at: [email protected] or [email protected].
For hackers, it seems to be open season on sensitive financial information. It’s difficult to not be an alarmist with recent events: 100 million credit card numbers stored in the cloud by Sony Corp. in its Play Station Network have been compromised; 2.2 million of those apparently have been hawked by hackers already. Personal information for 5 million people was stolen from Epsilon Data earlier this year. Heartland Payment Systems had 130 million credit card numbers stolen from it in 2009.
Is your most sensitive financial information safe when you give it to a company and let them store it in the cloud? Ask Sony CEO Howard Stringer. He said recently that we’ve entered a “bad new world” where credit card information stored on servers will never be “100% secure.” Can this be true?
Simple problem, too many places storing way too much credit card information
The problem is really quite simple; there just aren’t enough online security experts to go around to service the thousands of companies that need them. Amazon.com Inc., with its myriad online systems probably could (or does) absorb all the really good security experts around. Who’s left for Sony or Verizon Communications Inc. or Epsilon? What’s more, even for the best experts, they are in an arms race with the thieves. It just takes one slip-up to expose millions upon millions of credit card numbers. The truth is, the way systems are set-up today, thieves have the numbers dramatically in their favor. Like a lion hunting wildebeest, a thief can survey the herd of companies storing millions of credit card numbers and take down the weakest one. Sony’s Stringer is right, at some point, the way systems are designed today, Apple Inc., or Google Inc., or Amazon.com, or PayPal, or AT&T Inc., or Comcast Corp., etc., will get compromised too. The worst part of it is, you don’t know which one it will be and it’s likely that more than one of them already has your credit card information stored somewhere.
Simple solution, stop storing credit card information in the cloud
This may sound radical, but if Sony, et al, stopped storing your credit card information in the cloud, the problem is solved. It really is that simple. But, from Sony, et al’s, perspective, how will they make it easier for you to pay for stuff? The financial fall-out of repeated re-entry of credit card information will be catastrophic from their perspective. Apple, and carrier billing before it, has shown that credit card re-entry is a severe barrier to consumer’s parting with money. So, what should they do?
Here’s an idea. What if these companies stored the credit card information only on the user’s device and never stored massive databases of millions credit card numbers in the cloud? Here’s a brief overview of how such a system could be implemented.
Keep the most important information in the most secure, hard to get to spot – the user’s device:
–Credit card information should be stored where it is inputted, i.e. the PlayStation or the iPhone, in encrypted fashion. For example, unbreakable 256 bit 3DES can be used to encrypt the data on the phone. The important thing here is that the encryption/decryption key is not stored on the phone. The key must be stored in the cloud.
Make the cloud a low value target:
–Store decryption keys only in the cloud. This way if Sony gets broken into and a hacker gets all the decryption keys, they have nothing of value because they still need to get access to a user’s phone in order to get access to a single credit card number. This is not only very difficult to do, it’s immensely inefficient.
Secure all the transmission links:
–When a payment is being conducted, transmit the decryption key to the user’s phone over an encrypted SSL link. 1024 bit SSL encryption (which is now commonplace and easy to implement) is basically uncrackable. Attempting to snoop the communication between devices and servers will be relatively fruitless.
Secure access on the device, via a password – so no one but the owner can ask to do a transaction:
–Putting a password wall in front of sensitive information is not that big a hurdle in some circumstances, but when we are talking about a case when the thief has to get access to an individual user device and steal a decryption key, password protection on the device that supplements, as opposed to replaces, the 3DES encryption creates a very effective barrier to automated “man-in-the middle” attacks.
After the credit card number is transacted on the vendor’s server – throw it away:
–It’s critical in this system that the user’s credit card information never be persisted anywhere but on the user’s device. After there has been a request to run the credit card, there is no reason for the vendor to store the user’s credit card information. When a new transaction happens, the user can have their phone send the credit card information then.
Putting this all together, you get a system that works as follows. The user inputs, only once, their information into a digital wallet on the device. When the information is stored, a 3DES encryption key is used to encrypt the credit card number and that encryption key (but not the credit card information) is sent, over an encrypted SSL link, to the cloud for storage. When a user later wants to pay for something, the user enters their password and the device then asks the cloud for the decryption key. The decryption key is sent to the device over SSL, the credit card information is decrypted and sent to the payment processor via SSL. The device immediately removes from its memory the decryption key and the payment processor immediately removes the credit card information from its memory. At no time is there a place where large volumes of credit card numbers belonging to multiple users are stored simultaneously.
Under a system like this, the best a thief can do is steal the user’s device and hack it to steal the user’s information off of it. That is, to steal 1 million credit cards, a thief would have to physically steal 1 million iPhones or PlayStations. Even thieves value their time and the effort it takes to steal a credit card number under this system greatly exceeds a stolen credit card number’s value. It’s time we turned the numbers game around on the thieves instead of making their lives easier.

You Might Also Like
  • The (agentic) future of AI-to-AI connectivity (Reader Forum)
  • How operations leaders see 5G as vital for mission-critical workflows (Reader Forum)
  • How the FCC can protect IoT innovation and GPS resilience in the 900 MHz band (Reader Forum)
  • Trust you can see – the convergence of voice, messaging, and identity (Reader Forum)
  • Subsea resilience needs to move beyond cable count – here’s why (Reader Forum)
  • Real-world network emulation is critical for 5G deployments (Reader Forum)
Share 0 LinkedinEmail
Avatar of RCR Wireless News
RCR Wireless News

previous post
Reader Forum: Self optimizing networks – tips for success
next post
Apple attracts trademark suit with iCloud moniker

White Papers

  • Norton eBook: The 2026 Telco Playbook

  • Enea White Paper: Why Intelligent AAA is the Swiss Army Knife of Telecom

  • CSG White Paper: Telco AI Enabler: Mediation’s Defining Role

  • Enea White Paper: Scalable Database Design for 5G and Beyond

  • Supermicro and NVIDIA Whitepaper: Powering sovereign AI at scale

Editorial Reports

  • Nvidia Report: The State of AI in Telecommunications: 2026 Trends

  • Report: Scaling Optical Networks For The Hyperscale And AI Era

  • Test And Measurement Market Pulse Report

Webinars

  • Webinar: Building 6G — aligning technology, policy and purpose

  • SIMCom Webinar: Scaling your next deployment – from plastic to provisioning

  • Webinar: Rethinking the RAN as AI, cloud and openness converge

  • Webinar: Scale-Up, Scale-Out, Scale-Across – Building AI-Era Network Fabrics

  • Webinar: NTN in motion – evolving standards, expanding services

Since 1982, RCR Wireless News has been providing wireless and mobile industry news, insights, and analysis to mobile and wireless industry professionals, decision makers, policy makers, analysts and investors.

Facebook Twitter Youtube Linkedin Envelope Rss

Useful Links

  • Subscribe
  • About RCR Wireless News
  • Contact Us
  • Advertise
  • Editorial Calendar
  • Archive
  • RSS
  • Wireless News Archive
  • Subscribe
  • About RCR Wireless News
  • Contact Us
  • Advertise
  • Editorial Calendar
  • Archive
  • RSS
  • Wireless News Archive

Edtior's Picks

Red Hat outlines AI-RAN roadmap
Ericsson wins role in £8bn UK’s defense upgrade as private 5G moves to...
Thursday (telco diary) | Satellite versus terrestrial

Latest Articles

Red Hat outlines AI-RAN roadmap
Ericsson wins role in £8bn UK’s defense upgrade as private 5G moves to frontline
Thursday (telco diary) | Satellite versus terrestrial
The Agentic Network — Deutsche Telekom on APIs for trusted AI

© 2026 RCR Wireless News All Right Reserved. Developed by Eight Hats.

Cookie Policy | Privacy Policy

RCR Wireless
  • News
  • Channels
    • 5G
    • 6G
    • BSS OSS
    • Carriers
    • IoT
    • Network Infrastructure
    • Open RAN
    • Private 5G
    • Telco AI
    • Telco Cloud
    • Test & Measurement
  • Resources
    • Reports
    • Webinars
    • White papers
    • AI Fundamentals
    • Analyst Angle
    • Editorial Calendar
    • Fundamentals
      • 5G NR Release 17
      • AI
        • Telco AI in 2025
    • Podcasts
      • Let’s Get Digital with Carrie Charles
      • Wireless Connectivity to Enable Industry 4.0 for the Middleprise
      • Well Technically…
      • Will 5G Change the World
      • Accelerating Industry 4.0 Digitalization
  • AI Infrastructure
  • Programs
  • Events
  • RCRtv
  • Advertise
  • Subscribe
RCR Wireless
  • News
  • Channels
    • 5G
    • 6G
    • BSS OSS
    • Carriers
    • IoT
    • Network Infrastructure
    • Open RAN
    • Private 5G
    • Telco AI
    • Telco Cloud
    • Test & Measurement
  • Resources
    • Reports
    • Webinars
    • White papers
    • AI Fundamentals
    • Analyst Angle
    • Editorial Calendar
    • Fundamentals
      • 5G NR Release 17
      • AI
        • Telco AI in 2025
    • Podcasts
      • Let’s Get Digital with Carrie Charles
      • Wireless Connectivity to Enable Industry 4.0 for the Middleprise
      • Well Technically…
      • Will 5G Change the World
      • Accelerating Industry 4.0 Digitalization
  • AI Infrastructure
  • Programs
  • Events
  • RCRtv
  • Advertise
  • Subscribe
@2020 - All Right Reserved. Designed and Developed by PenciDesign