Hi [[ session.user.profile.firstName ]]

Secure payment vulnerabilities with Point-to-Point encryption

Everyday consumers assume that when making a purchase, online or in-store, their card data is handed off to a trusted source, with security in place to protect them. However protecting these transactions and the retail payment ecosystem has become increasingly complex, with recent data breaches of large retailers testament to the vulnerabilities.

In addition, compliance with PCI DSS fails to address some of these vulnerabilities resulting in potential exploitation with disastrous consequences. To address these security gaps the scope of security needs extending from the merchant, acquirer, switch and bank or card issuers to include the manufacturers of payment terminals at the point of sale and developers of payment application software.

Join your fellow professionals to understand how by using Point-to-Point Encryption, card data is encrypted from the earliest possible moment of its capture, and ensures that data remains in an encrypted state consistently until it arrives at the payment gateway.

Then understand why many merchants are considering P2PE not only to secure vulnerabilities, but also because it can effectively remove some of the merchant’s own security infrastructures from the scope of compliance with regulations such as PCI DSS. Lastly understand why encryption is only as secure as the encryption keys as when cryptography is used to protect valued data, the risk is transferred from the data to the keys.
Recorded Apr 24 2014 57 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Paul Hampton, Product Manager, SafeNet
Presentation preview: Secure payment vulnerabilities with Point-to-Point encryption

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • 451 Research & Gemalto Present "Alphabet Soup: Deciphering Multi-Cloud Security Oct 19 2017 3:00 pm UTC 60 mins
    Eric Hanselman, Chief Analyst at 451 Research and Michael Gardiner, Security Lead for CTO office, Gemalto
    The cloud provides organizations with elasticity and speed and by 2018 60% of an enterprises’ workloads will run in the cloud says 451 Research. The amount of business operations running in the cloud means organizations have more cloud computing service providers, with a typical enterprise having roughly six. This requires companies to develop and implement a multi-cloud strategy, especially when it comes to security. But each CSP has its own security offerings and integrations sometimes making the process confusing and complex. Even prior to the cloud, encryption and key management have presented challenges for many organizations, but with encryption becoming ubiquitous – a strong key management strategy is key. This is especially important with industry mandates and government regulations like European General Data Protection Regulation (GDPR) and U.S state data breach disclosure laws.

    In this joint webinar with 451 Research, we will cover topics including:

    -Building a multi-cloud security strategy for encryption and key management
    -Best practices, benefits and pitfalls of managing your own security
    -Impact of regulations on data protection in the next few years
    -Understanding the different CSP requirements for key management:
    oCustomer-Supplied Encryption Key (CSEK)
    oBring Your Own Key (BYOK)
    oHold Your own Key (HYOK)
    oGeneral cloud service provider key management services overview
  • Are you Ready for DFARS? Recorded: Sep 27 2017 60 mins
    Eric Avigdor, Director of Product Management at Gemalto
    With the deadline for DFARS (Defense Federal Acquisition Regulation Supplement) quickly approaching, many business are scrambling to meeting compliance requirements. An important part of DFARS addresses the need for strong, two-factor authentication, as well as physical access controls to organizational information systems, equipment, and the respective operating environments to authorized individuals.
    Are you prepared? If you’re like many other government contractors and subcontractors, a little advice may be needed to navigate the waters of physical and user access controls.
    Gemalto’s Identity and Protection expert, Eric Avigdor, will be present and informative look at DFARS and what options are available to ensure compliance. What Eric will discuss:
    •Overview of DFARS mandate
    •Use cases – our experience from the field
    •Comprehensive solutions that meet the multi-factor authentication and physical access controls required by the DFARS mandate
    •Mapping solutions to the needs of your department
  • The Blockchain Bubble: Identifying viable opportunities for blockchain Recorded: Sep 26 2017 61 mins
    Joe Pindar, CTO Office Director of Strategy
    Blockchain technology is popping up everywhere from the currency market to smart contracts. The growth in the technology is evident from the investments being made, for example, PwC estimated that in the last nine last nine months of 2016, $1.4 billion had been invested globally in blockchain startups. This stems from its potential to enable efficiencies and cost-saving opportunities based on moving to a decentralized approach and away from the current centralized systems. With all the hype around blockchain, companies need to cut through the hype and ask the question - when does blockchain actually make business sense?

    Blockchain is not a silver bullet and cannot solve every problem. There is also the added complexity of managing the security of many distributed nodes can only be justified by gaining business benefits from using blockchain. In this webinar, we will look at a business qualifying approach to blockchain to help you evaluate valid blockchain use cases and identify the security needs surrounding blockchain operations. Join us to learn more on:
    •Securing blockchain from the edge to the core
    •The operational benefits and pitfalls of blockchain technology
    •Our 4 step qualification process for blockchain business opportunities:
    1.Is there an established business process?
    2.Are there more 3 parties involved – i.e. is it a distributed problem?
    3.Is it important that the data being exchanged is trusted and considered to be factually accurate?
    4.Would automation improve the performance of the process?
  • What is an Identity Provider (IdP) and Do You Need One? Recorded: Aug 23 2017 47 mins
    Stephen Allen, Authentication Expert at Gemalto
    The explosion of cloud-based applications in the enterprise is making IT and security professionals rethink their cloud identity management strategy. By default, every cloud user creates an average of 17 cloud identities. But catering to 17 different user stores per employee or partner is simply not scalable from an administration perspective. And as if IT’s time is not precious enough, password resets account for 20% of helpdesk tickets. This adds to the compliance and security risks associated with cloud-based applications, which by default require only weak static passwords and offer no central point of management across disparate cloud-based services.

    Join Stephen Allen, Gemalto Product Manager for Authentication and Access Management, and learn how deploying an Identity Provider enables:

    •Cloud Single Sign-On for easy access to cloud apps
    •Regulatory compliance with standards such as PCI DSS
    •Reduced identity lifecycle overheads
    •Centralized management of cloud access policies
    •Increased security with step-up authentication
  • Securing India's Aadhaar Numbers as per UIDAI's Mandates Recorded: Aug 11 2017 60 mins
    Nanda Mohan Shenoy, CAIIB, CISA - Bestfit Business Solutions and Prasun Srivastava - Solution Expert, IDP, Enterprise & Cyber
    The India's Unique Identification numbers (UIDs), also named "Aadhaar numbers" contain Personally Identifiable Information (PII), the Unique Identification Authority of India (UIDAI) has mandated that the private cryptographic keys used to digitally sign and authenticate the UIDs must be stored in a Hardware Security Module (HSM).

    In addition to HSMs, the UIDAI has also mandated the use of tokenization – replacing sensitive data with a token that can be securely stored, processed and transmitted as of August 2017.

    Join this live webinar to know more about how to easily conform to the mandate:
    •What is UIDAI's requirements?
    •Why HSM and tokenization?
    •How to ensure Aadhaar numbers are protected?
    •What makes Gemalto's SafeNet Luna HSM and KeySecure unique?
    •How to meet UIDAI's compliance mandates?
  • 6 steps to GDPR compliance Recorded: Aug 1 2017 61 mins
    Adrian Davis, Managing Director, (ISC)² EMEA, Jan Smets, Certified Data Protection Officer, Gemalto
    The introduction of GDPR is set to bring data protection to the top of businesses’ priority lists. So how can businesses ensure they are compliant and what steps do they need to take?
    In this webinar, certified DPO Jan Smets with provide a six-step overview to help achieve compliance:

    1) Understand the GDPR legal framework
    2) Create a Data Register
    3) Classify your data
    4) Start with your top priority
    5) Assess and document additional risks and processes
    6) Revise and repeat
  • Law Enforcement Data On the Move: Don’t make CJI a Crime Recorded: Jul 20 2017 57 mins
    Stan Mesceda, Encryption Expert at Gemalto
    Law enforcement and defense organizations need secure access to sensitive data, and to provide services and to collaborate with others, while protecting the public, and any confidential information. Faced with these challenges, meeting compliance regulations such as Criminal Justice Information Services Security Policy (CJIS-SP) , is a priority for most organizations, especially as audits draw near.
    Did you know that the Criminal Justice Information Services Security Policy (CJIS-SP) requires that data be encrypted when it is transmitted outside a secure facility, even within the same agency
    “When CJI is transmitted outside the boundary of the physically secure location, the data shall be immediately protected via cryptographic mechanisms (encryption)”

    Join us for an informative webinar where you will learn how to secure your data in transit as it moves across your internal and external network, to help ensure compliance with the FBI mandate.
    Attendee takeaways:
    •Overview of CJIS-SP mandate
    Network vulnerabilities and how Ethernet encryption can help secure data in motion
    •Use cases – hear how various agencies have successfully deployed network encryption to secure their data and meet audit requirements
    •Mapping solutions to the needs of your organization

    For more information on dealing with multi-factor authentication in the CJIS audit, check our part one in the series: https://www.brighttalk.com/webcast/2037/258091
  • Turning the Table on Hackers and Breaches Recorded: Jul 11 2017 45 mins
    Jason Hart, CTO of Data Protection at Gemalto
    Data breaches in 2016 got even more personal with big hacks of adult entertainment sites and social media databases. Hackers mined these for gold, in other words, valuable data to create social engineering attacks, ransom operations and identity theft. According to Gemalto’s Breach Level Index, the number of stolen, compromised or lost records increase by 86% in 2016, while the number of breaches decreased by 4%. Hackers are going after more data than ever before, and they are finding it in large databases that are left relatively insecure.

    Whether consciously or not, hackers have grasped the idea of situational awareness. They have figured out how to exploit these golden opportunities by keeping a pulse on what is going on. It seems too simple to be true, but it goes back to the age-old principle of information is power. Getting the information comes from being aware of one’s surroundings. To become situationally aware, companies need to change their mindset- building a walled garden isn’t an option anymore. During the webinar, we will look at the major data breach trends and findings from 2016 and discuss how this information can help develop your situational awareness. Join us as we cover topics like:

    -What we can learn from Jason Bourne about knowing one’s surroundings
    -What we can learn from hackers to better protect valuable data
    -What we as security professionals can do by going back to the basics of accountability, integrity, auditability, availability and confidentiality
    -How to change our mindset in a new era of a hacker driven gold rush
  • Getting Ready for Australia’s Privacy Act Amendment (Notifiable Data Breaches) Recorded: Jun 29 2017 58 mins
    Helaine Leggat, an legal expert in data protection regulations and Graeme Pyper, Regional Director at Gemalto
    The Gemalto’s Breach Level Index reported 1.4 billion data records compromised worldwide in 2016, up 86% from 2015. Closer to home, there were 44 & 16 voluntarily reported breaches in Australia and New Zealand respectively. With the new Privacy Amendment (Notifiable Data Breaches) Act 2017 in Australia, these numbers are expected to increase dramatically as organisations are required to declare any “eligible data breaches”.

    Navigating these regulations such as the Australian Privacy Act and European General Data Protection Regulation (GDPR) and the impact they will have can be daunting. Organisations must start planning ahead to mitigate the potential risks of being non-compliant. The implications of a data breach can go beyond compliance. In 2014, the Target breach had a massive impact on the company’s brand reputation, while last year’s announcement of the Yahoo! data breach cost the company nearly $1.7 billion in stock market value.

    During this webinar, Helaine Leggat, an legal expert in data protection regulations will discuss the Australian Privacy Act Amendment in detail, what it means for businesses in Australia and internationally. Graeme Pyper, Regional Director at Gemalto will provide recommendations to help prepare for the 2018 deadline. We will share industry best practices and methodologies companies can evaluate to simplify a government audit process. Join our experts to ask questions and learn more about:

    •The local and global government data privacy regulations (Australia and Europe)
    •Gauging the true cost of a data breach and how to reduce the scope of risk
    •Understanding privacy by design throughout business
    •Strategies for simplifying operations for regulation and internal audits
    •Determining current industry compliance, which may be applicable to the APA and GDPR
  • Getting Rid of Risky Business: How contextual info is securing cloud app access Recorded: Jun 28 2017 56 mins
    Ella Segura, Identity and Access Management Expert at Gemalto
    Organizations are working across more cloud environments from CSPs to on premise. Just this year, enterprises are expected to utilize an average of 17 cloud applications to support IT, operations and business strategies. The cloud’s benefits are well-known, but for security teams managing multi-cloud ecosystems has its challenges, especially when it comes to access management.

    Behavioral and contextual analytics are helping companies mitigate risk and better secure access to cloud applications and data. Using data-driven insights to develop internal security policies takes a more preventative identity and access management strategy.

    During this webinar, we will discuss what security professionals need to assess and understand when moving towards or updating a risk-based authentication model for IAM. The presentation will outline access management policies can be identified, templated, updated and monitored to improve security around data in the cloud.

    Join us for a deep dive into:
    -Current implications of multi-cloud environments on IAM
    -Proactively using analytics to define access policies
    -Avoiding security fatigue through scenario-based authentication
    -Preparing for audits using policy implementations
    -A live demonstration of how this all fits together in a multi-cloud environment
  • IoT Security over Tea: Brewing in the Business Recorded: Jun 20 2017 61 mins
    Gorav Arora, CTO Office's Director of Strategy
    For businesses and consumers the Internet of Things (IoT) is about the value of data, whether it’s for better decision making, for navigation to future goals or immediate maneuvering. The value of the data will vary based on numerous factors like its perceived value, intrinsic value, monetary value, etc. and may change over time. Being able to identify the value of data will help businesses better understand the associated risks and thereby the necessary security.

    According to Gartner, worldwide spending on IoT security will reach $348 million in 2016, a 23.7% increase from 2015 spending of $281.5 million. Companies need to understand and evaluate the business impact of data to determine its value and consequently the appropriate security. Following our introductory webinar “Steeping out the Hype,” the next in our series on IoT security will focus on the building an IoT security blueprint based on the estimated value of the data. The calculation will not always be linked to a monetary value but also the data’s impact if breached on brand recognition and stock price or data used to make strategic decisions, competitive information and/or intellectual property.

    Join us for a webinar to learn more about evaluating the value of your data and building an IoT security strategy to match the eight point business journey. Attendees will have a better understanding of the:
    -Eight point business journey and its connection to securing the data
    -Factors impacting the value of the data, the IoT personas outlook on each type of data and using them to calculate estimates and risk assessment to understand the cost of a breach
    -Messages to educate management and business leaders on the investment needed to support a secure IoT
    -A blueprint for building an IoT security strategy
  • Quantum Threat Conundrum: How to Create a Quantum-Safe Security Strategy Today Recorded: Jun 19 2017 61 mins
    Stan Mesceda from Gemalto -Bruno Huttner & Gilles Trachsel from ID Quantique
    With the advent of massively powerful quantum computers, much of today's encryption will be vulnerable. Preparing for the inevitability of quantum should be an integral part of current risk management strategy. Gemalto is teaming up with ID Quantique, a leader in quantum security, to help security professionals understand quantum-safe cryptography and the impact it will have on enterprise security. Find out how you can create a quantum-safe environment for voice, video, virtualization and mass data today, securing these assets from even the most advanced cybercriminals and their super-computers.

    Join Gemalto and ID Quantique for a joint webinar to learn more about:
    •What is quantum computing and how it affects security
    •Quantum cryptography in action
    •Examples of quantum cryptography in the enterprise and government space
    •Quantum-safe solutions at a glance
    •Future developments of quantum cryptography
  • Don’t let Smartphones Kill your PKI Security Strategy Recorded: May 23 2017 51 mins
    Gregory Vigroux, Enterprise Mobility Expert at Gemalto
    Half of businesses admit security is their biggest concern to increasing user mobility. Securing enterprise mobility has been an ongoing and arduous topic for IT security professionals. Maintaining high-assurance security, while offering access to company resources to an on-the-go workforce has become a balancing act. So much so, a third of businesses actually prevent employee access to company resources via mobile. This is likely not a long term or sustainable solution to the problem.

    So how do you find a compromise that won’t kill your security strategy? There are currently many technologies from derived credentials to mobile PKI. IT professionals are feeling the pressure to find a viable, user friendly, easy-to-deploy and secure options. In this webinar, we will discuss the current solutions in-depth and how they impact your current IT security policies. Attendees will learn more about:
    -Software-based security versus hardware-based security
    -How this impacts your back-end systems
    -Technology such as derived credentials and mobile PKI
    -Implementing a mobile PKI solution
  • Part II – How to get started with GDPR & Applying Appropriate Security Controls Recorded: Apr 25 2017 62 mins
    Jason Hart, Gemalto, Lisa Bentall, DQM GRC, Adrian Davis, (ISC)² EMEA, Nathaniel Ford, (ISC)² EMEA
    As a follow-up to our previous webinar, this panel discussion will dive into further detail about the GDPR. Presented by compliance experts Lisa Bentall (DQM GRC) and Jason Hart (Gemalto) we will answer some of the big questions raised in the previous webinar and open up to the live audience for an interactive Q&A.
  • Getting started with GDPR, Privacy and Applying Appropriate Security Controls Recorded: Mar 23 2017 56 mins
    Jason Hart, Gemalto, Christine Andrews, DQM GRC, Adrian Davis, (ISC)² EMEA
    In this webinar, presented by compliance experts Christine Andrews (DQM GRC) and Jason Hart (Gemalto) you will learn:

    a. The background to the new General Data Protection Regulation
    b. An overview of the key areas of change from the existing Data Protection Act – and the penalties for getting it wrong
    c. A focus on the information security implications and considerations for meeting compliance
    d. An approach for understand the “Gaps” in your current compliance and, importantly, how best to move forwards
  • GDPR Blueprint; Tackling Confidentially, Integrity and Availability of Data Recorded: Nov 24 2016 63 mins
    Jason Hart, CTO, Identity and Data Protection, Gemalto, Adrian Davis, Managing Director, (ISC)² EMEA
    The new EU regulation of the Privacy world (the GDPR) is rapidly approaching. This webinar will reveal a back to basics approach in relation to GDPR. Specifically, Jason Hart - Gemalto CTO will identify a GDPR blueprint that tackles the privacy concerns around confidentiality, integrity and availability of sensitive data.
  • GDPR – The monster under the bed or an opportunity to enhance security? Recorded: Oct 13 2016 62 mins
    James Leaton Gray, The Privacy Practice, Jason Hart, Gemalto, Adrian Davis, (ISC)²
    The new EU regulation of the Privacy world (the GDPR) is frequently portrayed as a scary and formidable piece of legislation that’s going to rock the online & off-line world. This webinar will explore what the implications really are. How much will change from the present regime? How difficult will it be to comply? Also is there an opportunity hidden in the challenge? And where will security and security professionals fit in the new picture?
  • GDPR: La violazione dei dati nel nuovo Regolamento Europeo sulla Privacy Recorded: Jun 15 2016 64 mins
    Gloria Marcoccio, Senior Advisor IT and International Privacy & Security Compliance, Simone Mola Sr Sales Engineer at Gemalto
    Fino a poco tempo fa, le leggi europee riguardanti la protezione dei dati erano principalmente focalizzate sul consenso della persona, limitazione delle finalità e trasparenza nei trattamenti, etc. mentre gli aspetti inerenti la sicurezza delle informazioni erano considerati, in linea generale, questioni squisitamente tecniche più che di conformità legale.

    Questo quadro ora cambia profondamente con l'entrata in vigore il 25 maggio 2016 del nuovo Regolamento Privacy Europeo (GDPR), e con la prossima direttiva europea sulla sicurezza delle reti e dei sistemi informativi (NIS Directive). Tra le nuove e importanti prescrizioni in tema di sicurezza del GDPR spicca in modo particolare quella della violazione dei dati personali, che richiede alle aziende di tutti i settori di effettuare in tali casi la comunicazione al Garante privacy entro 72 ore e, in particolari condizioni, anche la comunicazione senza indebito ritardo a tutte le persone interessate dalla violazione a meno che i dati non siano stati resi inintellegibili (per esempio per mezzo di crittografia). Inoltre la direttiva NIS, una volta recepita nei Paesi Membri della UE, richiederà tra l'altro agli Operatori dei Servizi Essenziali (Energia, Trasporti, Sanità, etc.) e agli Operatori di Servizi Digitali (e-commerce, motori di ricerca on line, Cloud Computing) di comunicare alle autorità competenti nazionali i casi di incidenti di sicurezza.

    L’Unione Europea vuole che la conformità alle nuove normative in materia di protezione dei dati diventi una questione prioritaria e ha così prescritto che queste regole siano soggette a pesanti multe (sono previste sanzioni fino a 20 milioni di euro, e per le imprese fino a 4% del fatturato mondiale, se superiore).

    Partecipa al webinar organizzato da Symbolic e Gemalto che si terrà il prossimo 15 giugno alle ore 11:00 per conoscere il quadro normativo applicabile e le misure da predisporre per una corretta gestione dei casi di violazioni dati.
  • GDPR Summary: Why encryption and other measures are now a must? Recorded: May 24 2016 62 mins
    Adrian Davis, MD (ISC)² EMEA; Jason Hart, CTO Gemalto; Tom De Cordier, Lawyer and Partner, CMS DeBacker
    Until recently, EU data protection laws mainly focused on data subject consent, proportionality, purpose limitation, transparency, etc. Information security, however, was very often deemed to be an area for the techies, not an area of legal compliance.
    This will change as a result of two recent and major pieces of EU legislation: the General Data Protection Regulation (GDPR) and the Network and Information Security Directive (NIS Directive).
    Under the GDPR and the NIS Directive, businesses and operators of essential services (eg. hospitals; airports; etc.) will have to implement robust information and system security measures. In addition, the new rules contain a new name-and-shame mechanism: businesses and operators will have to inform the relevant authorities of security incidents. And they will have to inform the affected data subjects, unless the affected data were rendered unintelligible (for example by means of encryption).
    Finally, the EU wants the new data protection rules to become a board-level issue and it has therefore decided to make the rules subject to hefty fines:
    •If a business fails to comply with its data security obligations under the GDPR, it may get a fine of up to 10,000,000 EUR or 2 % of its total worldwide annual turnover, whichever is higher.
    •Worse even, if a business is found to be in breach of certain other obligations under the GDPR, the fine may go up to a dazzling 4 % of its total worldwide annual turnover.
    During this webinar, you will learn from Jason Hart, CTO at Gemalto and Tom De Cordier, an expert in data protection and information security law at CMS in Brussels, what the new rules mean in practice and what businesses should do to bring themselves in line with the upcoming requirements.
  • Data, the new oil: Find out why and what it means for your organization Recorded: May 5 2016 62 mins
    Moderator: Adrian Davis, (ISC)² EMEA; Speaker: Jason Hart, IDP CTO, Gemalto
    Every day, we create 2.5 quintillion bytes of data — so much that 90% of the data in the world today has been created in the last two years alone.
    More data in more places is leading to an increasing number of data breaches with attackers intent on trying to monetize your sensitive information.
    Jason Hart, IDP CTO at Gemalto will explain why data is the new oil and how easy it is to get hacked with a live hacking demo.
    In this interactive webinar we will also discuss:
    - Why your data is wanted
    - The new data Protection paradigm
    - Live Hacking demo
    - What’s next and what to do now to remain on the safe side

    Join the webinar to find out what you should know about Data Protection, how Cloud, IOT and big data impact your information security solutions and to how to keep your data safe.
EMEA Data Protection Solution Webinars
EMEA data protection solution webinars designed for enterprise end users, distributors and resellers.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Secure payment vulnerabilities with Point-to-Point encryption
  • Live at: Apr 24 2014 2:00 pm
  • Presented by: Paul Hampton, Product Manager, SafeNet
  • From:
Your email has been sent.
or close