robb • User • The Register Forums

TalkTalk offers customer £30.20 'final settlement' after crims nick £3,500

Thursday 5th November 2015 15:25 GMT robb

Re: Tokenised?

Tony S - yes, though any set up that has been properly designed won't allow access to the 'real' secure data using the tokens without additional authentication and/or IP based filters. I used to use a tokenised payment gateway in a previous life and getting the tokens from us would have been only one part of a pretty extensive hack. Nothing is impossible, but the tokens alone shouldn't be the keys to the castle.

Hard to comment on whether TT have done things properly, of course...

0 0

Thursday 5th November 2015 14:04 GMT robb

Re: Tokenised?

Tokenisation is a mechanism by which the secure data (in this case, and usually, the CC number, etc.) are passed to a separate part of the infrastructure (or a 3rd party) and a token is returned as a reference. The token has no intrinsic value, but can be used to utilise the secure data.

The obvious advantage of this is that a breech doesn't give out credit card info in any form, encrypted or otherwise. If someone gets access to the tokens then the part of the infrastructure (or the 3rd party, if one is being used) should only allow access to the secured data for a valid token from a valid source using some properly secured mechanism, making it relatively easy to secure the confidential info e.g. by having the secure data stored on a private, possibly non-Internet accessible network that is only accessible from the company's sites (or more likely, very specific servers at said sites).

This is a pretty common approach as part of gaining PCI compliance for companies that process CC info, but of course it is mostly only used for the credit card data, not the rest of the personal data so if the personal data other than the CC info allows people to be conned out of cash (or have their money taken directly through some route other than their CC) then it isn't a panacea.

0 0

Apple 'iWatch' trademark filing hints Cook's make-or-break moment looms

Tuesday 2nd July 2013 12:02 GMT robb

Mr B

Kreyos (http://igg.me/at/kreyos/x/3803346) are already trying to be innovative in this space - can Apple beat them to it (and if they do, will it be good news or bad news for Kreyos and Pebble) ?

I do wonder how many devices I am supposed to carry. iPhone, iPad (or Android tablet, having both), laptop. a smart watch might replace my normal watch (or might not) but it's yet another device to keep charged.

0 0

Gates, Woz, and the last 2,000 years of computing

Tuesday 25th January 2011 14:14 GMT robb

Atari 800?

I had many 8bit systems over the years, including a couple of Atari 800 variants, and they competed pretty well with the C64. In fact the Amiga was the decendant of the Atari 800, both being designed by Jay Miner (and you could kinda tell, IMO, if you knew the innards of the graphics hardware on both).

0 0

Topics

Special Features

Vendor Voice

Resources

User topics

Article topics

Posts by robb

TalkTalk offers customer £30.20 'final settlement' after crims nick £3,500

Re: Tokenised?

Re: Tokenised?

Apple 'iWatch' trademark filing hints Cook's make-or-break moment looms

Mr B

Gates, Woz, and the last 2,000 years of computing

Atari 800?

About Us

Our Websites

Your Privacy