PCI DSS, short for Payment Card Industry Data Security Standard, is designed as a security protocol that has been agreed upon by the industry for use in credit card payment systems. Because of the ever-increasing problems and losses firms incur from credit card fraud, they have agreed to implement a data security protocol that encrypts data in transit to the various local card centers. The standard calls for a unified set of rules or parameters to be used in card centers to maintain security at all levels: at the retail store where the data is collected, in transit as it travels through the internet, and as it is processed and stored in the data centers.
IBM has introduced the first PCI-DSS End to End system for implementation on the HughesNet Broadband Network Service. At a time when compliance is at a mere 50%, this type of data security becomes imperative to prevent more losses and other problems associated with fraud and other criminal activities. The standard also recognizes and applies to wireless networks, for which a set of analytic and diagnostic processes is required. The PCI Standards Security Council, which formulated the standards, is constantly reviewing and revising them as needed because of the ever-changing state of the internet and the business that goes through it.
Around 90% or more of credit card transactions go through a public network at one stage or another on the way to the central data center, which makes them vulnerable to attack. The adoption of cheaper high-speed internet has companies turning to the public net as opposed to the expensive dedicated T1 lines previously used by businesses. It also allows transaction data to be transferred through a single phone line, lowering overhead costs and making it the better choice for businesses.
Archives for December 2007
IT Security – Interpol
The threat to IT security has reached such a level that even Interpol has gotten involved. Many crime syndicates operate beyond the normal bounds of borders and business organizations, so the policing agency provides information for all concerned on the security of computer systems and intrusion prevention.
The Interpol IT Security document, aimed at investigators of crimes related to IT security, highlights the need for an established set of rules that should be enforced for everyone, whether in business or in other locations such as the home. The document includes an extensive article on information interception, which is now becoming the most prevalent form of attack on networked computers. Firewalls are also not that effective if they are not configured properly, and internal and other security measures need to be added to reach the level of protection required. File deletion, as many of us in the IT community know, deletes only the directory entry of the file and not the file itself. It can be compared to removing the label from a filing cabinet without actually removing the folder that contains the document. Utilities for clearing deleted data, such as Wiperaser Ultra, are available on the market; they routinely scan all tagged free space on a hard drive and erase all the data contained within. There are also utilities for recovering deleted files, such as the data recovery software from Handy Recovery, which can prove valuable in security breach investigations when checking for unauthorized files on an employee’s workstation. There are even companies that specialize in recovering data from tragically destroyed hardware, such as hardware that has suffered fire damage; SalvageData is one whose specialty is recovering information from damaged hardware.
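The filing-cabinet comparison above, as an added example (not from the original post or from the utilities it names): a toy block store showing that deletion removes only the directory entry, that a scan of free space still finds the data, and that a free-space wipe removes it. The class, file names and sample contents are all constructed for illustration.

```python
BLOCK_SIZE = 16
SECRET = b"CONSTRUCTED-SECRET: payroll figures 2007"  # constructed sample data

class ToyDisk:
    """Toy model: raw blocks plus a directory mapping names to block numbers."""
    def __init__(self, n_blocks):
        self.blocks = [bytes(BLOCK_SIZE)] * n_blocks  # raw storage, zero-filled
        self.free = set(range(n_blocks))              # unallocated block numbers
        self.directory = {}                           # name -> list of block numbers

    def write(self, name, data):
        chunks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
        if len(chunks) > len(self.free):
            raise OSError("disk full")
        used = []
        for chunk in chunks:
            n = min(self.free)
            self.free.remove(n)
            self.blocks[n] = chunk.ljust(BLOCK_SIZE, b"\0")
            used.append(n)
        self.directory[name] = used

    def delete(self, name):
        # Ordinary deletion: drop the directory entry and mark the blocks
        # free. The block contents themselves are left untouched.
        self.free.update(self.directory.pop(name))

    def carve_free_space(self):
        # Recovery-tool view: read unallocated blocks and keep non-empty ones.
        return {n: self.blocks[n] for n in sorted(self.free) if any(self.blocks[n])}

    def wipe_free_space(self):
        # Free-space wiper view: overwrite every unallocated block.
        for n in self.free:
            self.blocks[n] = bytes(BLOCK_SIZE)

def demo():
    disk = ToyDisk(8)
    disk.write("keep.txt", b"quarterly report")
    disk.write("secret.txt", SECRET)
    disk.delete("secret.txt")
    listed = sorted(disk.directory)  # the deleted file is no longer listed
    recovered = b"".join(disk.carve_free_space().values()).rstrip(b"\0")
    disk.wipe_free_space()
    return listed, recovered, disk.carve_free_space(), disk.blocks[0]

if __name__ == "__main__":
    print(demo())
```

The wipe touches only unallocated blocks, so the file that is still listed keeps its contents.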
Credit Card Fraud Peak Season
True, the holidays are the hottest time, when credit card fraud runs into the millions of dollars. There are many incidents of fraud, and shopping is a very casual task many take for granted. A leading credit card company from the US reported losses in the millions of dollars, which it does not readily publicize because that has an impact on its customers’ confidence in its systems.
There is no true protective measure for something as small and compact as a credit card, which in the wrong hands can cost you a few hundred dollars or even max out your credit limit. Crime syndicates use this tactic for their illegal activities, with people who handle these fraudulent transactions. There is still a wide-open gap when it comes to credit cards, which newer fool-proof security may cover. The addition of biometrics to the standard card swipe can provide an added level of security along with fingerprinting.
Simple steps can also be taken to protect yourself, such as being careful where and when you use your credit cards. When paying, keep the reader or terminal where the card is swiped in plain sight to be sure the card is used only for the intended purchase. A card fraud scheme in which a separate card reader records the information contained in the card has been going on for a long time, and the captured information can be used for purchases. Before signing the print-out or receipt, be sure to check all details such as the purchase amount and other such vital information. If you do end up losing a credit card or your whole wallet, immediately call your card company so the card can be tagged as stolen and further purchases are not billed to you. If there are any inaccuracies in your card’s statement, call information at once, for there may be a problem with your card or, worse, somebody may have already copied the information from your original card. Vigilance and awareness are the key, so be on the lookout for any dubious people around you. Keep safe, people, and a Merry Christmas to all.
The Security Problems of Torrents
Ever since they were introduced, torrents have flourished into one of the world’s most widespread file sharing protocols in use today. The protocol was introduced as a method of sharing huge files without the worry of having one source or having to consider the varying bandwidths with which people are linked to the internet through the world’s providers (different providers offer different bandwidths and speeds, and they vary from country to country). The system is a no-fuss file transfer protocol that does not rely much on bandwidth. Another advantage is that there is no spyware or pop-up advertising on bit-torrents.
The system has a server that hosts the bit-torrent file sharing system, and every user has a client-side program that connects to that server. When a user conducts a search, the server provides the user with the most likely sources of the file and allows the user to get it from those sources that are mirrored or specified in the server’s database. The future of bit-torrents is to eliminate the need for centralized servers running the host applications and to have both the server-side and the client-side programs installed on a PC, with no need for the remote server.
Now for the dark side: the ongoing improvement of eliminating the server side of the system is meant to eliminate the need for toughened security at the server end, where one can get the history and IP addresses a user has gone through. There is also growing concern that the file sharing technology is now being used as a propagation ground for pornographic materials over the internet. Do a quick search on torrent sites and you’ll see what I mean. Also, because it is a straightforward file sharing system, anyone intercepting a file as the data travels through the internet can easily get any information they want, for the simplified processing and file transfer is accomplished by taking away most of the security features other systems employ. The elimination of security makes transactions (file transfers) faster but less safe and vulnerable to attack.