The alleged hacking of SIM Card encryption keys has once again highlighted the importance for card manufacturers to have in place advanced data encryption processes and robust security handling policies to mitigate the risks of serious breach, writes Marshall Haldane, allpay Card Services Director.
With technology evolving in sophistication, it has never been more important to ensure security products are upgraded, best practice is followed and – just as importantly – staff understand their roles and responsibilities around data handling, production processes and audit trails.
As a global card supplier – certified to manufacture both MasterCard and Visa Cards – allpay takes a three-pronged approach to security handling through physical and logical access, staff vetting and training and third-party audits to meet PCI Security Council compliance standards.
Doing battle against sophisticated fraud and theft techniques means getting the basics right on physical access – ID authentication, CCTV, physical security checks/searches, tandem access requirements, etc
Having recently expanded our UK operation – subsequently introducing new service lines in all areas of card production – the design of our network architecture as a whole was reviewed and strengthened to exceed industry standards.
Construction plans, facility layout, implementation of the access control system, intrusion detection systems and CCTV cameras all combine to create a resilient and safe environment for manufacturing cards. Combined with the use of state of- the-art EMV encoding, data encryption, laser, printing, colour and embossing technologies, they work to assure a secure operation at every inch of the site.
However, just as important as the physical nature of security is the effective protection of data, and, crucially, regular attention of those in the production environment who work around it. Building protections around stored and moving data (across a number of networks), needs to be rigorous.
While we invest heavily in advanced data encryption techniques to protect client data in the event of
a breach, it comes to nothing if the personnel are not acutely aware of their responsibilities within security policies and procedures.
At allpay, pre-employment and ongoing screening of staff remains key – as does staff knowledge of the production process, site security and logical security procedures.
Due to continuous investment in technology, protocols and guidance needs to be frequently updated, requiring staff to carry out regular security awareness training.
At allpay, for example, staff are required to sit regular security awareness training via online tutorials which is logged centrally. They’re also regularly issued with updated guidance should protocols be enhanced or changed.
Key to any safe environment ensures that:
- Guidance, training and processes are not static, but evolving;
- Enforcement of security policies is strict, not merely satisfied
- Security audits and awareness training is regular, not infrequent; and that
- Prevention of viruses is automated, not manual, and systems are updated regularly with the latest security patches for operating systems.
Robust implementation of the above is imperative for card issuers to reduce the risk of fraud and theft, while maintaining a high-level of security for their customer information.