Keeping credit card numbers well-Cloaked: Q&A with Fingerhut's Mark Lieberg

"The SSL is still used today because it largely is pretty effective," said Mark Lieberg, information security manager, CISSP, for 60-year-old catalogue company/direct retailer Fingerhut. "What's coming into focus more sharply is, what do we do with the data after we have it? How do we secure that data and protect it from further security risk?"

While a wider variety of methods are available to protect data within a company, the chances of losing that data due to accidents or criminal activity have risen with the growth of e-commerce: a box of data tapes falling off a truck; a laptop with sensitive information lost or stolen.

However, Fingerhut - which ticketed US$500 million in revenue in 2008 - has committed to a relatively new security method that helps lock down data like credit card numbers: tokenization, an encryption technology that cuts down on the number of outside eyes having access to sensitive personal data.

As the PCI (Payment Card Industry) Security Standards Council begins to look for more stringent security methods and demand compliance from participating corporations, Lieberg believes that tokenization may give e-commerce companies the best chance yet to manage security compliance in the most cost-effective way.

Read the full article here.