Audit , Cloud Security , Encryption & Key Management
The Importance of Devaluing Payments Data
Lance Johnson of PCI SSC on Top Security StepsAn essential component of protecting payment information is devaluing the data that is transmitted so it's of no use to hackers, says Lance Johnson, executive director of the PCI Standards Security Council .
"There are a number of ways that we can do that," he explains in an interview with Information Security Media Group. "EMV is a great step forward because it actually starts controlling the information flow."
Other ways to devalue data in transit, he says, include point-to-point encryption and, eventually, tokenization.
In this interview (see audio link below photo), Johnson offers insights on:
- How new PCI 4.0 standards will address new technologies, including cloud services ;
- Best security practices for practitioners and assessors in security data;
- The evolution of standards for software products and services to enhance business processes.
Johnson is responsible for driving and implementing the council's strategic direction. Previously, he served as the COO at Sequent Software, where he led all corporate administration and operations. Prior to that, Johnson spent more than 20 years at Visa as a senior leader directing global risk management and security, fraud detection and control, and global payment data and device security.