|
E-businesses must ensure business continuity because every minute or hour lost due to downtime means lost and potentially unrecoverable revenue. They must also ensure that the data provided by customers is secure from interception, modification, loss and repudiation.
Credit card processing is the act of taking a credit card number from a cardholder and authorizing it for payment. A company can perform this function in-house or outsource it. The "high risk" part of it comes into play when the systems involved for processing the transaction are compromisable.
Most of the systems involved in credit card processing use a form of point-to-point encryption to make the contents of your credit card secure, however each individual system could be compromised, exposing any decrypted credit card data. And this is where the real risk comes into play. Each point in the link between card swipe to backend database has the potential to be compromised with a vulnerability and then allow an attacker to view the sensitive information.
The keys to strategic security for online payment card processing are:
- Securing end-to-end: Use secure socket layer (SSL) technology
- Securing every point along the stream, from the card swipe device to the backend database
- Educating IT/security managers on best practices and common security pitfalls
- Becoming strategic security by accurately scanning for critical network vulnerabilities on a daily basis, prioritizing the vulnerabilities in terms of risk to your e-business {i.e., anything that if exploited could compromise data or result in a Denial-of-Service (DoS) attack}, then implement the critical patches in a timely fashion, and ensure that the patches are complete -- before an exploit can occur.
|
