Retired Member

Are your payment systems safe and secure?

09 January 2014  |  4114 views  |  0

If you are a bank, financial institution, processor, merchant or a stakeholder in any other part of the payment ecosystem, then you most definitely have this question on your mind and on your organization's risk register.

Securing your payment systems is very similar to securing any other asset in the physical or digital world; there are constant challenges in the form of threats, vulnerabilities and attacks.

Furthermore, the number of entities and systems involved in the payment ecosystem means that there are multiple weak links potentially open to exploitation. Hacking, vulnerability exploits, penetration, code injection, denial of service: all scary words in the digital world, and in the online payment ecosystem they can also mean huge financial and reputational impact. The fight between good and evil is perpetual: as organizations evolve and upgrade their systems and deploy tools, techniques and security frameworks to mitigate risk, the perpetrators are catching up.

Organized crime gangs, rogue employees and greedy individuals have ready access to the physical devices and software stacks they can use to execute their projects.

Your strategy would typically be to work with your security expert or external consultant to identify the chinks in your armour and deploy reinforcements, and this is a continuous process.

The PCI SSC (Payment Card Industry Security Standards Council) is one such body, and its standards are one such basis for compliance and certification; you should look them up for a deep dive.

Typically, standards and frameworks provide a consistent and repeatable set of rules for the industry to follow; in the case of PCI they are focused on the payment domain. The PCI DSS (PCI Data Security Standard) provides the framework for setting up and managing the security process for your card-related systems. The PCI SSC was founded by 5 major brands (American Express, Discover International, JCB International, MasterCard Worldwide and Visa Inc) to bring in a consistent method of implementing and managing card security. The requirement is that all organizations that process, store or transmit card information secure themselves through the PCI standards as well as brand-specific mandates.

The bottom line is that, like any standard or process, compliance and certification are just one part; the other part is enforcement, auditing and re-validation, to ensure that there is a continuous process for remaining secure.

I will follow up this post with further thoughts in the context of compliance vs. certification, securing environments vs. securing applications.
