Businesses Told to Treat Card Data Like Cash

Posted by John B. Frank Monday, October 20, 2008

Treat card data like cash, businesses warned | 20 Oct 2008 | ComputerWeekly.com
Businesses put themselves at risk of fraud by failing to put the same level of security around credit and debit card data as they use for cash.

"Many businesses still do not view card payment data as cash in hand, which it is," said Connie Penn, who chairs the Forum for Chip and Pin for the hospitality industry and manages the Payment Card Industry Data Security Standard (PCI DSS) program for the Post Office.

No company would move cash without physical security, but many still question the need to encrypt card data, she said.  "It fascinates me that they do not see card data as cash, and yet it is. Every merchant employs tight business practices around their cash, but they don't do the same with card data."

This needs to change, particularly as the number of card-based transactions continues to increase, she said, making it more important than ever for merchants to follow best practices in the PCI DSS.

According to Penn, the latest version of the PCI DSS, released on 8 October, is much easier to use than previous versions. "Version 1.2 provides greater consistency and removes a lot of the ambiguity that was causing difficulty," she said.

Penn is to run through the details of each of the standard's redrafted 12 requirements with members of business IT user group the Corporate IT Forum, in London on 30 October.  "My message will be that there is nothing to fear because the good news about version 1.2 is that it gives a lot more clarity on what businesses must do to conform to the standard," she said.

Version 1.2 clarifies, for example, that anti-virus software must run on all operating systems used for card payment processing, and not just on Microsoft Windows as many users had thought.

The new version also gives a clear cut-off date for switching from the Wired Equivalent Privacy (WEP) security algorithm for wireless networks to the stronger Wi-Fi Protected Access (WPA) standard.

No new WEP implementations will be allowed from 31 March 2009, and the use of WEP wireless networks must be discontinued by 30 June 2010.

These are two of the most important of the 100-plus clarifications and explanations that Penn is to discuss at the Corporate IT Forum workshop later this month. It will be another two years before another version of the standard is released, but the PCI Security Standards Council will publish best practice guidelines as threats emerge.

In the coming year, for example, the council is to set up special interest groups to discuss what should be done to protect virtual machines used in processing card payments.  "These discussions will result in best practices based on consultation with all the stakeholders before they are mandated in future versions of the standard," said Penn.
