This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

CSIT Summit: Visa Europe say 'right to be forgotten' law cannot work

Share this article:

User expectation on mobile payments and privacy needs to be realistic, until a solution emerges.

Speaking at the Centre for Secure Information Technologies (CSIT) conference in Belfast, Colin Whittaker, vice president of payment system risk at Visa Europe, criticised proposed changes to the European Data Protection Directive as he said that 'the industry is not ready to be forgotten', and he complimented the Information Commissioner's Office (ICO) on their response.

He said: “The point is that to make something secure, you need one technology to close it down and make it secure, and the other problem is that users want to do more with their technology and they are missing the point. We need to balance both sides of the ecosystem.

“We keep data to manage trends and we need it to meet our obligations for law enforcement and can use encryption and tokenisation to do it in an efficient manner. The proposed directive changes say what the expectations are on privacy and anonymity and and we are clear on when we need that data and we need direction on data.”

Whittaker also talked about the challenge of modern payments for Visa Europe, especially as mobile devices become more prevalent. He said that most threats at the moment are to do with secure web design, vulnerabilities and multiple platforms with the expansion of mobile and tablet devices.

He said: “We want to accept payments via mobile as users have the expectation to do so and we need to facilitate that and accept that there are vulnerable applications. What we want to do is avoid using PIN numbers and cards on a mobile device, it is not sensible. There was a suggestion that a user could take a photo of their card and submit it, I said that is not a good idea!

“We have got to find a strong way to connect the mobile, secure the data and send it and trying to avoid a solution that does anything stupid. We are trying to promote a way with mobile that avoids additional accessories around and the risk that they provide.”

Whittaker said that the biggest challenge is user expectation, and there needs to be a way to educate politicians 'as society debates this and we want to do everything we can with the technology we are given'.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Google and Facebook offer free cyber-security tools

Google and Facebook offer free cyber-security tools

Google and Facebook have both launched free open-source cyber-security tools this week, designed to help security professionals spot malware and cyber-attacks.

Mixed results for key Government cyber-initiatives

Mixed results for key Government cyber-initiatives

The Government's Verify scheme to confirm IDs is behind scheuduled uptake, but its CISP threat intelligence sharing scheme is ahead of target.

Hundreds of companies face 2,000 cyber-attacks in EU exercise

Hundreds of companies face 2,000 cyber-attacks in EU ...

The European Network and Information Security Agency (ENISA) conducted a 24-hour cyber-exercise in which more than 200 organisations from 25 EU member states faced virtual cyber-attacks from white hat hackers ...