This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

CSIT Summit: Visa Europe say 'right to be forgotten' law cannot work

Share this article:

User expectation on mobile payments and privacy needs to be realistic, until a solution emerges.

Speaking at the Centre for Secure Information Technologies (CSIT) conference in Belfast, Colin Whittaker, vice president of payment system risk at Visa Europe, criticised proposed changes to the European Data Protection Directive as he said that 'the industry is not ready to be forgotten', and he complimented the Information Commissioner's Office (ICO) on their response.

He said: “The point is that to make something secure, you need one technology to close it down and make it secure, and the other problem is that users want to do more with their technology and they are missing the point. We need to balance both sides of the ecosystem.

“We keep data to manage trends and we need it to meet our obligations for law enforcement and can use encryption and tokenisation to do it in an efficient manner. The proposed directive changes say what the expectations are on privacy and anonymity and and we are clear on when we need that data and we need direction on data.”

Whittaker also talked about the challenge of modern payments for Visa Europe, especially as mobile devices become more prevalent. He said that most threats at the moment are to do with secure web design, vulnerabilities and multiple platforms with the expansion of mobile and tablet devices.

He said: “We want to accept payments via mobile as users have the expectation to do so and we need to facilitate that and accept that there are vulnerable applications. What we want to do is avoid using PIN numbers and cards on a mobile device, it is not sensible. There was a suggestion that a user could take a photo of their card and submit it, I said that is not a good idea!

“We have got to find a strong way to connect the mobile, secure the data and send it and trying to avoid a solution that does anything stupid. We are trying to promote a way with mobile that avoids additional accessories around and the risk that they provide.”

Whittaker said that the biggest challenge is user expectation, and there needs to be a way to educate politicians 'as society debates this and we want to do everything we can with the technology we are given'.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

DEBATE: Insuring against regulatory penalties

DEBATE: Insuring against regulatory penalties

Sarah Stephens and Becky Pinkard discuss cyber insurance

Movers and makers: September-October

Movers and makers: September-October

The latest news on the people and companies at the forefront of information security.

THREAT OF THE MONTH: SVPENG

THREAT OF THE MONTH: SVPENG

Etay Maor dissects SVPENG - what it is and how to prevent it.