Paul Kleinschnitz

ACQ Subscribe

Paul Kleinschnitz, general manager of payment processor First Data's cybersecurity solutions team, says there are plenty of technologies to address payment card security, but cyberthreat awareness is still lacking.

Advanced payments technologies, such as chip cards, tokenization and end-to-end encryption, are quite effective at stopping card fraud when they're all used as part of a comprehensive approach, Kleinschnitz says.

But many U.S. merchants don't fully understand the threat landscape - and the necessary steps to take to mitigate threats, he says.

"It's not really about finding new technology or a solution," Kleinschnitz says during this exclusive interview with Information Security Media Group. "It's really about educating our clients about the threats," and collaborating more with industry partners about how to address those threats.

"This is something that First Data is taking very seriously," he adds. "Every 18 seconds there is a cybervictim. Cybercrime has become the most profitable organized crime ... and merchants are definitely taking a closer look, as they should be."

But many smaller merchants that don't truly understand the types of attacks that are striking mega-retailers, such as Target Corp. and Neiman Marcus, are coming up short when it comes to risk management, Kleinschnitz says.

Advanced chip card technology, such as technology that conforms to the Europay, MasterCard, Visa standard, is very effective at stopping card-present fraud at the point of sale, he explains. But it only addresses one aspect to card fraud, which has left many retailers questioning its value.

This is why a layered security approach, which incorporates chip technology, such as EMV, along with tokenization and end-to-end encryption, is so essential, Kleinschnitz says.

"One of the inhibitors to adoption in this space, in my opinion, has been a lack of knowledge of how these technologies work together, rather than compete," he explains. "For example, EMV's purpose is authentication. ... But as you continue through the payment process, you should be concerned about securing the rest of that transaction."

During this interview, Kleinschnitz discusses:

Programs that First Data is launching to educate merchants about emerging risks and threats; How industry collaboration is strengthening the payments chain; and How recent retail breaches have spurred more interest in EMV and other advanced technologies.

Kleinschnitz's team oversees integrated technologies that help merchants and financial institutions manage cybersecurity and fraud. He is responsible for guiding First Data's cybersecurity initiatives and equipping clients with defenses. Before joining First Data in 2013, Kleinschnitz worked for RSA, The Security Division of EMC, as a data and payments security leader for the Americas. He has more than 15 years of experience as a threat management professional, with a career spanning security solutions, product development and consulting.