Keeping credit card numbers well-Cloaked: Q&A with Fingerhut's Mark Lieberg

It's a fact that might not bring a lot of comfort to consumers and businesses, but it's true: The methods for protecting e-commerce transactions haven't changed a great deal since online shopping became a viable option in the early '90s. SSL (Secure Sockets Layer) and TSL (Transport Layer Security) encryption are the protocols that slap on that little padlock you see at the bottom of a Web site once you've begun the purchase process.

"The SSL is still used today because it largely is pretty effective," said Mark Lieberg, information security manager, CISSP, for 60-year-old catalogue company/direct retailer Fingerhut. "What's coming into focus more sharply is, what do we do with the data after we have it? How do we secure that data and protect it from further security risk?"

While a wider variety of methods are available to protect data within a company, the chances of losing that data due to accidents or criminal activity have risen with the growth of e-commerce: a box of data tapes falling off a truck; a laptop with sensitive information lost or stolen.

However, Fingerhut - which ticketed US$500 million in revenue in 2008 - has committed to a relatively new security method that helps lock down data like credit card numbers: tokenization, an encryption technology that cuts down on the number of outside eyes having access to sensitive personal data.

As the PCI (Payment Card Industry) Security Standards Council begins to look for more stringent security methods and demand compliance from participating corporations, Lieberg believes that tokenization may give e-commerce companies the best chance yet to manage security compliance in the most cost-effective way.

Read the full article here.