PCI DSS or short for Payment Card Industry Data Security Standard, is designed as a security protocol that has been agreed upon by industry for applications in Credit card payment systems. Due to ever increasing problems and losses incurred by firms due to credit card fraud they have agreed to implement a data security protocol that encrypts data in transit to the various local card centers. The standard calls for a unified set of rules or parameters to be used in card centers to prevent and maintain security at all levels from the retail store where the data is collected, in-transit as it travels through the internet and as it is processed and stored in the data centers.
IBM has introduced the first PCI-DSS End to End system for implementation on the HughesNet Broadband Network Service. At a time when compliance is at a mere 50% these types of data security become imperative to prevent more losses and other problems associated with fraud and other criminal activities. The standard also applies and recognizes the needs of wireless networks through which a set of analytic and diagnostic processes are required. The PCI Standards Security Council who formulated the said standards are in constant process of reviewing and revising the said set standards as needed due to the ever-changing status of the internet and the business that goes through it.
Around 90% or more of most credit card transactions go through a public network in one stage or another as it makes its way to the central data center which makes it vulnerable to attack. The adoption of cheaper high-speed internet has companies turning to the public net opposed to the previously expensive dedicated T1 lines usually used by businesses. It also allows transaction data to be transferred through one single phone line thus lowering overhead costs making it the better choice for businesses.
Search Results for: PCI DSS
Financial Institutions – Prime Phishing Targets
Banks and other financial institutions are the most attacked institutions in the world which accounts for millions in losses according to RSA, one of the IT Industry’s leading security firms. The rise has been foreseen and predicted for many years yet banks are simply not taking it too seriously. Phishing involves the leeching of client information from bank networks for use in scams and fraud. This type of attack sits next to identity fraud and credit card fraud as the most expensive financial loss generators for the banking industry. The phishing attacks target mostly US based firms with the UK ranking second. Many countries are following as targets for phishing by hackers who aim to use the information they obtain for personal gains.
The banking industry is considered to be one of the most secure and IT dependent industries in the world but the diversity and sheer number of attacks is taking its toll on their systems prompting them to take notice. Credit Card fraud alone accounts for billions in losses worldwide that is suffered by financial institutions adding to that the newer types of attacks making it an IT Security Managers worst nightmare. In Europe, Germany is hailed to be the financial hub in the region yet it has managed to repel attacks which isn’t the same with it’s other neighboring countries. More strict legislation might be needed to deter criminals who now opt to use computers rather than a gun which is safer and involves less effort.
The Credit card Fraud problem is being addressed by the implementation of PCI DSS which is to secure and prevent hackers from getting card customer information while it is in transit over the network. The attacks now focus on more public domain which is the internet through social networks which is where most phishing attacks usually occur.
Paypal Boosts security
In efforts to boost security, Paypal, one of the premier internet online payment providers is moving to block users who use older browsers to prevent weaknesses that these browsers possess. They have found that many users online still use old Microsoft IE 3.0 and 4.0 which have ended their support life a long time ago hence they do not have the needed updated security updates that are necessary to conduct safe and secure online transactions with regards to payments and other related business. Paypal has had a lot of bad publicity with regards to phishing and infiltration where people intercept and go on fake bidding sprees just to get at the vital financial information that people usually share over the network. In hopes of boosting security, they will be using script detection to begin blocking users and that they do apologize for all the inconvenience this may cause the millions of users who may be affected by their move. This comes as the amount of identity theft and other crimes have increasingly entered their ranks ending in much stolen information that leads to credit card fraud. Being the biggest, they are the most viable target for such hackers and they are trying to boost security on that front of the deal.
This would hopefully prevent more cases from developing and that any new ones will be ‘nipped in the bud’ so to speak.
Paypal and eBay have offered select users with a distinct security keys using VeriSign passwords that is to be transmitted during payment transactions which aims to prevent interception of the transaction information as it travels through the internet. Unlike specific credit card transactions that travel through dedicated lines which are now slowly being protected by PCI-DSS for improved security, regular PC do not have that much security hardware installed to protect them from interception by hackers who could tap into the network getting all credit card information for illegal purchases.