Keeping Credit Card Data Safe

Having your credit card stolen is a major concern for any cardholder. Combine that with the responsibility of buying supplies for the government and it is enough to lose sleep over. Attacks on payment card processing systems are on the rise. Organized internet thieves target online merchants of every size. According to a study by the University of Michigan, 76 percent of websites from 214 US financial institutions suffer from at least one security design flaw that prevents secure usage (the full report is available at http://cups.cs.cmu.edu/soups/2008/proceedings/p117Falk.pdf).

No one is completely safe.

Fortunately, there’s a clear path of action for merchants that can help prevent compromise of payment card data. The Payment Card Industry Data Security Standard is the authorized program of goals and associated security controls and processes that keep payment card data safe from exploitation. The standard is often called by its acronym PCI DSS or PCI.

This standard was created to help payment card industry organizations that process card payments prevent credit card fraud through increased controls around data and its exposure to compromise. The standard applies to all organizations that hold, process, or exchange cardholder information from any card that carries one of the card brands' logos. Meeting it includes deploying multiple firewalls within the ecommerce system and separating the credit card database from other system processes.

As principal developer of the DOD EMALL eCommerce site, Partnet recognized the vulnerabilities of the system. In 2008, when the Defense Logistics Agency mandated that DOD EMALL be moved into a DISA enterprise data center, Partnet recommended that the ecommerce system network be redesigned to move toward PCI compliance. This was the first time the Department of Defense dealt with this commercial standard. Partnet […]

Protective Plugins for Safer Surfing

How will you stay safe when surfing the web this new year? We'd like to offer some tips. Security takes up a large part of our work in building a website for the DOD. As we try to keep current on new web attacks, we often find vulnerabilities that cannot easily be fixed. It seems to take years for websites to address the problems. For example, session side-jacking has been around for years, but it wasn't until Firesheep made the vulnerability so easy to exploit that major websites like Hotmail and Facebook started to address it (Facebook still hasn't fixed the problem, but they say they are working on it).

We don't have to wait years for websites and browsers to address these new attacks. To protect ourselves, we use Firefox or Chrome with an arsenal of proactive plugins. Here is a collection of our favorite Firefox add-ons that help us use the web more safely. These are what we recommend to our friends and family. Here is a list, in order, of the most protective add-ons for Firefox and why:

NoScript – turns JavaScript, Java, and Flash on and off for individual websites. You can turn these features on for sites you trust, which helps you consciously think about which pages you trust. WARNING: This is intrusive and will probably break some websites the first time you visit them, but it is worth the time to learn how to use it. Here is a quick video describing how to use it.
RequestPolicy – keeps websites contained to their own domain, helping prevent cross-site attacks, specifically Cross-Site Request Forgery (CSRF). Here is a CSRF attack scenario: Suppose you are logged into your bank, […]
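A simplified model of the containment RequestPolicy applies, as an added example that is neither the add-on's own code nor part of the original post: a request is allowed only when its destination shares the page's own base domain or the origin/destination pair has been explicitly approved. The two-label base-domain rule, the rule list and all site names are assumptions of the example.

```javascript
// Added example, not the RequestPolicy add-on's code: a toy model of the
// "keep sites contained to their own domain" decision. Hypothetical names.

// Base domain approximation: the last two DNS labels. Real add-ons consult
// the Public Suffix List; this shortcut is an assumption of the example.
function baseDomain(hostname) {
  const labels = hostname.toLowerCase().split(".").filter(Boolean);
  return labels.slice(-2).join(".");
}

// Origin -> destination pairs the user has approved after a site broke the
// first time it was visited (constructed sample data).
const allowRules = [
  { origin: "shop.example", destination: "cdn.example" },
];

// "allow" when the request stays within the page's own base domain or the
// pair is on the approved list; otherwise "block".
function decide(pageUrl, requestUrl, rules = allowRules) {
  const origin = baseDomain(new URL(pageUrl).hostname);
  const destination = baseDomain(new URL(requestUrl).hostname);
  if (origin === destination) return "allow";
  const permitted = rules.some(
    (r) => r.origin === origin && r.destination === destination
  );
  return permitted ? "allow" : "block";
}

// The post's scenario: the user is logged into the bank, and a page on an
// unrelated site tries to make the browser (which still carries the bank's
// session cookie) send a request to the bank. Containment blocks it.
function demo() {
  return {
    sameSite: decide("https://www.bank.example/account",
                     "https://api.bank.example/balance"),
    crossSiteToBank: decide("https://unrelated-site.example/page",
                            "https://www.bank.example/account"),
    approvedPair: decide("https://shop.example/",
                         "https://cdn.example/lib.js"),
  };
}

console.log(demo());
```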

January 18th, 2011 | General, Security | 0 Comments