Tokenization of credit card data.
While EMV is an improvement over 40-year-old magstripe technology in use in the US, it is not a panacea. EMV is already 15-years-old, and while it does improve security at point-of-sale terminals, fraud may still be a problem when a physical card is not used. Given the increase in online and mobile payments, that's a pretty significant hole. But people are looking beyond EMV towards the next layer to improve payment card security. In February, a group of 22 of the world's largest banks called for tokenization of payment card data. And in September, this technology got a big boost as Apple announced Apple Pay, which will include tokenization.
Improvements in Two-Factor Authentication (2FA)
Last year seemed to be the year of 2FA, with a number of major sites and services adding this functionality to their user accounts. This year, that trend continues to pick up speed. This year, both Google and Apple announced improvements to their authentication offerings. After the iCloud leak in September, Apple increased the range of information protected when users add 2FA. In October, Google added support for a hardware device called Security Key, which is a stronger second factor of authentication.
While there is a long way to go in security, it's important to acknowledge victories. We can all point to horrible events in security, and many of those were allowed to pass with little change beyond the one affected vendor. As more people become aware of security, and feel the pain of its absence, they are demanding stronger improvements to protect them in the future. What are you thankful for in 2014?
Sign up for Computerworld eNewsletters.