Reply to post: How could Experian allow decryption of 15 million Social Security Numbers?

Experian-T-Mobile US hack: 'We trusted them, now that trust is broken'

UlfMattsson

How could Experian allow decryption of 15 million Social Security Numbers?

How could Experian allow decryption of 15 million Social Security Numbers? We know that most banks limit the amount you can withdraw from an ATM on a daily basis to limit fraud.

Encryption and decryption are only a way to enforce a security policy. A security policy can be applied to encryption or tokenization services. The PCI DSS Tokenization Guidelines, released in 2011, suggest that tokenization systems can be configured to throttle or reject abnormal requests, reducing the potential exposure of unauthorized activity.

Also, the Visa Tokenization Best Practices guide for tokenization, released in 2010, suggests that tokenization systems can be configured to throttle or reject abnormal requests, reducing the potential exposure of unauthorized activity.

I suggest that all encryption/decryption services should also apply similar rate limiting rules to prevent or limit theft of sensitive information from databases.

Ulf Mattsson, CTO Protegrity
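
An added example, not part of the comment above and not any vendor's code: a per-caller policy placed in front of a decrypt or detokenize call that throttles bursts and rejects requests once a daily quota (the ATM-style cap) is used up. The class and function names, the limits, and the reversing stand-in for decryption are assumptions made for illustration; request times are constructed.

```python
from collections import Counter, defaultdict, deque

DAY_S = 86400

class DecryptPolicy:
    """Per-caller limits checked before every decrypt/detokenize call."""

    def __init__(self, burst_limit, burst_window_s, daily_quota):
        self.burst_limit = burst_limit
        self.burst_window_s = burst_window_s
        self.daily_quota = daily_quota
        self._burst = defaultdict(deque)  # caller -> allowed-call times in burst window
        self._daily = defaultdict(deque)  # caller -> allowed-call times in last 24 h
        self.alerts = []                  # (time, caller, reason) for later review

    def decide(self, caller, now):
        burst, daily = self._burst[caller], self._daily[caller]
        while burst and now - burst[0] >= self.burst_window_s:
            burst.popleft()
        while daily and now - daily[0] >= DAY_S:
            daily.popleft()
        if len(daily) >= self.daily_quota:   # daily cap, like an ATM withdrawal limit
            self.alerts.append((now, caller, "daily quota exhausted"))
            return "reject"
        if len(burst) >= self.burst_limit:   # abnormal request rate
            self.alerts.append((now, caller, "burst limit exceeded"))
            return "throttle"
        burst.append(now)
        daily.append(now)
        return "allow"

def guarded_decrypt(policy, caller, now, record, decrypt_fn):
    """Call decrypt_fn only when the policy allows it; otherwise release nothing."""
    decision = policy.decide(caller, now)
    return decision, (decrypt_fn(record) if decision == "allow" else None)

def simulate(policy, caller, request_times, decrypt_fn=lambda r: r[::-1]):
    """Replay constructed request times; the reversing decrypt_fn is a stand-in."""
    outcomes, released = Counter(), 0
    for i, t in enumerate(request_times):
        decision, plaintext = guarded_decrypt(policy, caller, t, f"rec{i}", decrypt_fn)
        outcomes[decision] += 1
        released += plaintext is not None
    return outcomes, released

if __name__ == "__main__":
    policy = DecryptPolicy(burst_limit=5, burst_window_s=60, daily_quota=20)
    print(simulate(policy, "batch-job", range(1000)))        # bulk read, 1 request/s
    print(simulate(policy, "help-desk", range(0, 300, 30)))  # ordinary usage
```

With these limits a caller requesting 1000 records at one per second gets 20 plaintexts back, while a caller making ten requests 30 seconds apart is never refused.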
