Beautiful Trade/Deconstructing Commerce
In order to rethink e-commerce security, we must first examine what is in place today. The current security model contains fundamental flaws and suffers from assumptions that are overly broad and ultimately unnecessary. A series of patches and Band-Aids have been billed as best practices and part of an in-depth security strategy. And although these security practices are helpful in protecting data in a generic sense, they do not focus on the real issues of our payment systems.
As an industry, we have spent a great deal of time and money tracking this data, transforming this data through encryption, and protecting it in storage and transmission—all to make up for a lacking security model. An entire industry has been created around the Payment Card Industry’s Data Security Standard requirements for merchants and service providers. But why? This data has become the crown jewels to many security professionals (and those who work against them) in the e-commerce and retail industries.