How could Experian allow decryption of 15 million Social Security Numbers?
We know that most banks limit the amount you can withdraw from an ATM on a daily basis to limit fraud.
Encryption and decryption are only a way to enforce a security policy. A security policy can be applied to encryption or tokenization services. The PCI DSS Tokenization Guidelines, released in 2011, suggest that tokenization systems can be configured to throttle or reject abnormal requests, reducing the potential exposure of unauthorized activity.
The Visa Tokenization Best Practices guide, released in 2010, also suggests that tokenization systems can be configured to throttle or reject abnormal requests, reducing the potential exposure of unauthorized activity.
I suggest that all encryption/decryption services should also apply similar rate limiting rules to prevent or limit theft of sensitive information from databases.
Ulf Mattsson, CTO Protegrity
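The rate limiting described above can be placed in front of any decrypt or detokenize call. The following is an added example, not part of the original post and not taken from the PCI or Visa documents or any vendor product; the class name, the limits and the `decrypt_fn` stand-in for the real decryption call are assumptions.

```python
import time
from collections import defaultdict, deque


class LimitExceeded(Exception):
    """Raised instead of returning plaintext when a caller is over policy."""


class ThrottledDecryptor:
    # Limits are hypothetical; derive them from each caller's normal workload.
    def __init__(self, decrypt_fn, per_minute=30, per_day=500, clock=time.time):
        self._decrypt = decrypt_fn          # the real decrypt/detokenize call
        self.per_minute = per_minute
        self.per_day = per_day
        self._clock = clock
        self._recent = defaultdict(deque)   # caller -> timestamps in last 60 s
        self._daily = defaultdict(lambda: [None, 0])  # caller -> [day, count]
        self.locked = set()                 # callers that hit the daily cap
        self.audit = []                     # (timestamp, caller, decision)

    def decrypt(self, caller, ciphertext):
        now = self._clock()
        decision = self._check(caller, now)
        self.audit.append((now, caller, decision))  # log denials as well
        if decision != "allow":
            raise LimitExceeded(f"{caller}: {decision}")
        return self._decrypt(ciphertext)

    def _check(self, caller, now):
        if caller in self.locked:
            return "reject-locked"
        day = int(now // 86400)
        daily = self._daily[caller]
        if daily[0] != day:                 # new day: reset the daily counter
            daily[0], daily[1] = day, 0
        window = self._recent[caller]
        while window and now - window[0] >= 60:
            window.popleft()                # drop requests older than 60 s
        if daily[1] >= self.per_day:
            self.locked.add(caller)         # stays locked until an operator reviews
            return "reject-daily-cap"
        if len(window) >= self.per_minute:
            return "throttle-burst"         # caller may retry after the window
        window.append(now)
        daily[1] += 1
        return "allow"
```

The daily cap plays the role of the ATM withdrawal limit: a caller that exceeds it is locked until reviewed, and the `audit` list gives monitoring a record of every throttled or rejected request.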