It seems Target was breached, really seriously, and 40 million credit card PINs were stolen. However – and here is the ‘glass half full’ part in what otherwise would be a complete disaster – since the master key for the encryption of the credit card PINs was separate from the breached Target system, it is claimed the bad guys cannot decrypt those PINs. Target is therefore able to claim a kind of ‘Safe Harbor’: that the key to decrypt the data could not have been taken, and “The most important thing for our guests to know is that their debit card accounts have not been compromised due to the encrypted PIN numbers being taken.”
As security breaches multiply, and especially with the risks associated with cloud computing, security in the cloud should follow strong principles – even stronger than those Target followed – and then even if something bad happens you can still have Safe Harbor. We recently talked about Safe Harbor at length in the specific context of Healthcare, but it holds equally for credit cards.
The new technologies of split key encryption and homomorphic key management enable Safe Harbor – even when things go wrong. And the benefits of cloud computing mean that these unique capabilities are now available for all Enterprises.
Check out the talk we gave here, and right here below is the slide deck we showed: