Protecting Sensitive Information
As e-commerce and m-commerce become more popular and usable, they provide new opportunities for their many users. However, as the use of e-commerce and m-commerce grows, so do security threats like fraud, theft, viruses and spam. As a result, Zafar Anjum goes to Hafid Saba, a senior solution specialist for Asia Pacific at NetIQ, for answers on how to combat these numerous and destructive security threats.
What are the most important threats that e-commerce and m-commerce payments are facing today?
Since e-commerce and m-commerce provide real-time access and new opportunities, more and more people are using them. Thus, many dangerous security threats like fraud, theft, viruses, and spam are becoming more and more common. As a result, hackers are able to obtain sensitive information like PIN numbers or account information used for mobile banking, as well as personal information and private company information. They are also able to steal information, remove or add programs, install nasty and destructive worms and even gain access to internal carrier network assets.
There are three vulnerabilities behind the constant security attacks on e-commerce and m-commerce. Number one, hackers are able to access the server. Once this happens, the second step involves the hacker modifying specific registry keys and code that, once restarted, allow the hacker to put security measures out of action. The third vulnerability allows malicious code that permits illegal actions and access to enter the database.
Information theft is one of the top crime concerns in credit cards. What are some of the steps being taken by commerce to reduce this kind of crime in credit cards?
Programs that have real-time access also need real-time responses. The numerous threats in commerce demand that security information and event management provide and include automated security measures. With automated security measures in place, the need for unnecessary human intervention is reduced because the automated process responds to problems in real time.
Although automated measures may be the solution for increasing password resets and privilege changes, it is also very important to include assessment reports and entitlement reports from assessment tools to track down the source of the problem. Another important thing to do is to rapidly monitor and find the threats that target sensitive information.
Automation helps decrease the amount of money spent on security measures, achieves compliance, catches more threats, and helps the compliance efforts within a company grow.
What is Payment Card Industry Data Security Standard (PCI DSS) compliance and what is the role of PCI DSS in compliance security?
PCI DSS (Payment Card Industry Data Security Standard) is a global data security standard issued by the Payment Card Industry Security Standards Council. This security standard helps businesses that use and process credit card payments prevent credit card fraud. However, PCI DSS has become a hot topic since its second release in 2006 because the cost of putting it into practice is much higher than the fines received if PCI DSS is not implemented; thus, many retailers are unwilling and hesitant to use it. As a result, credit card companies have lately had to take bigger and harder approaches to force retailers to use PCI DSS. However, many companies, like Heartland Systems in the United States, used PCI DSS and still experienced security break-ins; thus, the number of complaints regarding the mandated use of this security standard is rapidly growing.
By implementing security measures, you cannot come to the conclusion that you are absolutely covered against security threats. Security programs like PCI DSS target and monitor your security during particular times, and PCI DSS has been successful in highlighting problems, thus providing companies with a better method to store their credit card information, which results in safer credit card usage. Although using security programs like PCI DSS is not enough by itself, it is a great start to preventing security threats.
PCI DSS is very costly; thus, it requires you to spend a lot of money on security. Companies are being fined more often due to the lack of security standards; thus, more businesses are beginning to invest heavily in better credit card data security. When the top management of these companies sees the great amount of money being spent on security measures, they expect this cost to benefit the business as a whole. They believe that success and security go together, and this is where the problem begins, because they need to understand that security is something that always needs attention. Installing PCI DSS in your system should not give you a sense of security, because technology and its threats are always changing and evolving; thus, the part of your system that is safe today may easily be at risk tomorrow.
Do you believe mobile-based payments will replace credit card payments in the next few years, and how will this change affect the current security standards and setup? What changes need to be made?
Mobile devices and their uses are rapidly increasing. As a result, the business usage of these devices brings new security challenges and problems, because today mobile devices are like mini computers that need as much attention as your desktop. Things like making payments through your mobile device are going to increase because banks are providing websites that make this process easy, and retailers will also be able to process payments made through a variety of mobile devices.
It is important to understand that security alertness has not changed, which means that security measures inside organizations are still relevant to the newest devices. In addition, as time passes, new technology and measures are going to be needed to help keep mobile-based payments safe. However, you need to keep in mind that the general safety of your organization does not need to change because of the new technology; it just needs to be upgraded and reinforced.
In general, how can compliance monitor your company's safety and help keep its sensitive information safe?
Although adding compliance to your company is a start for your security team so it can do an outstanding job, it cannot substitute for regular and detailed analysis of threats from the inside or outside, and you cannot forget to pay close attention to holes that may still exist in the security process of your company. Both security and compliance are important measures that need to be taken to maintain security, and the top managers of businesses need to understand this and supply their businesses with enough money and resources to make their security top class.
Protecting sensitive information is an ongoing business that needs dedication, money, and the support of top managers (senior management). Measuring the effectiveness of your safety is not an easy task; therefore, you need to keep coming up with better ideas that completely monitor your network. Thus, you need to keep yourself up to date on what's happening in security measures and keep your resources working on better ways to keep your information secure.
The processes and measures you need to take to keep sensitive information secure are still rather new, and explaining compliance and security measures to senior management is not an easy task, but it is a task that cannot be ignored. If companies do not begin to educate their employees in charge of security, the benefits of compliance and its practices will go to waste.