Question

Please discuss and explain the Payment Card Industry Standards (PCIS). Also discuss credit card security and give an example of a security/data breach. What happened and what was done to address the breach?

Answer #1

The Payment Card Industry Data Security Standard (PCI DSS) is a commonly accepted set of policies and processes aimed at optimizing credit, debit and money card safety transactions and protecting cardholders from misuse of their private data. Four main credit card businesses developed the PCI DSS in 2004 together: Visa, MasterCard, Discover and American Express.

The PCI DSS specifies and develops six significant goals.

First, it is necessary to maintain a secure network in which transactions can be carried out. This requirement includes the use of cardholders or suppliers using firewalls that are robust enough to be efficient without causing undue inconvenience. There are specialized firewalls for wireless LANs that are extremely susceptible to malicious hackers' eavesdropping and assaults. Furthermore, authentication data such as personal identification numbers (PINs) and passwords should not include vendor defaults. Customers should be able to alter such information comfortably and frequently.

Second, wherever it is stored, cardholder data must be shielded. Repositories should be safe against hacking with essential information such as birth dates, mother's maiden names, social security numbers, phone numbers and mailing addresses. When transmitting cardholder information via government networks, the information must be encrypted in an efficient manner. Digital encryption is essential for all types of credit card transactions, but especially for Internet-based e-commerce.

Third, by using frequently updated anti-virus software, anti-spyware programs, and other anti-malware solutions, systems should be shielded against malicious hackers' operations. All apps should be free from bugs and vulnerabilities that could open the door to exploits that could steal or alter cardholder information. To guarantee the greatest possible amount of vulnerability management, patches provided by software and operating system (OS) suppliers should be installed frequently.

Fourth, it is necessary to restrict and control access to system data and activities. Cardholders should not be required to provide business data unless those companies need to understand that data in order to safeguard themselves and perform a transaction efficiently. A distinctive and private identification name or number must be allocated to any individual using a laptop in the scheme. Both physically and electronically, cardholder information should be shielded. Examples include the use of document shredders, avoiding unnecessary duplication of paper documents, and dumpster locks and chains to deter criminals who would otherwise rummage through the garbage.

Fifth, networks must be tracked and tested on an ongoing basis to guarantee that all safety measures and procedures are in location, function correctly, and are kept up-to-date. For example, the latest definitions and signatures should be provided for anti-virus and anti-spyware programs. These programs should scan commonly, if not continually, all information exchanged, all applications, all random access memory (RAM) and all storage media.

Sixth, all participating organizations must define, maintain and follow a formal information security policy at all times. Implementing steps such as audits and penalties may be essential for non-compliance.

Security of credit cards:

Credit cards have a range of built-in fraud defenses and the financial sector is constantly creating better instruments to fight fraudsters. Here are today's two most popular safety measures in credit cards.

Fraud monitoring:

One of the reasons why card firms track your expenditure is to catch fraud. Financial organizations create systems that automatically detect inconsistencies in client expenditure in order to prevent losses, as fraud costs banks cash.

If you use your card fraudulently, you probably won't be responsible either. Many banks and card suppliers (particularly big ones like Chase, Bank of America, Visa and Mastercard) offer fraud protection "zero liability." That implies you will not have to pay anything if your card is lost or robbed. Even if you owe cash for a fraudulent transaction, you can only be charged up to $50 in federal law regulations.

You may have recently received a fresh card from your card supplier with a shiny chip inside. If so, you got a chip card, also known as an EMV card. EMV stands for Europay, Visa and Mastercard.

A chip card is comparatively safe because each time it is used it encrypts account data differently. On a magstripe card, on the other hand, information is static, meaning it is easier for criminals and skimmers to obtain.

Worldwide, chip cards have been commonly accepted, but only now is the US following suit. Mostly the US adopts chip-and-signature cards to check your identity with which you register your name.

Meanwhile, many other countries use chip-and-PIN cards that require you to enter a personal ID number. As there is no signature to forge, chip-and-PIN cards are regarded to be safer.

Perhaps we will also upgrade to chip-and-PIN cards someday. We have at least a substantial upgrade from magstripe cards until then.

Credit card breaches:

British Airways may be the highest-profile event of this kind since 2018. Over 380,000 card payments to the airline were compromised in August / September. The hack affected customers who made online reservations, as well as the names of passengers and home addresses. How the violation happened in the first location was originally uncertain. But it was later found that on the company's website a script had been altered which sent client information to an internal database.

In brief, because of a small change that should have been spotted, this all occurred. And British Airways is not the only one. Fellow airline Cathay Pacific encountered a violation in a comparable event in March 2018. This hack led to the theft of more than 850,000 passport numbers and a comparatively tiny amount of credit cards.

In the near future, we will look at what these breaches have in common. But the primary takeaway is that millions of online purchases are handled by enormous service suppliers every year. And exposing a huge quantity of information requires only a tiny safety supervision.

2. Saks and Lord & Taylor

This is not just a dangerous internet payment. Every buy in-store will jeopardize your credit card. And if that's the same loan card you're using online, a hack's impacts can be even more painful.

In early April 2018, a significant data breach was announced involving Hudson's Bay Co, Saks' parent corporation, and Lord & Taylor. A group called JokerStash put up details of more than 5 million loan and debit cards for sale.

In fact, this card information came from physical payments in-store at places including the renowned Saks Fifth Avenue.

Although it appears that internet payment details have not been included, this event shows the potential hazards of getting your credit card information in so many separate databases.

3. Marriott Hotels

Because of safety problems with the Marriott hotel chain, up to half a billion individuals had their private data robbed. Moreover, it wasn't a one-off event. In reality, the information in question leaked from 2014 to 2018 over a four-year period. The victims were clients who remained at the Starwood Hotels and Resorts of the company, including Westin, Sheraton, St. Regis, and W Hotels.

The hack was so broad and the hotels' inaction so glaring that more than 150 of those impacted have now filed a class action lawsuit. The suit focuses on both the level of safety used by the hotels, but also how long it took Marriott to tell customers that something was incorrect.

This specific infringement shows how hard it can be to understand when the details of your card have been broken. You're only likely to find out if the business openly announces an infringement, or if you maintain a close eye on your purchases by credit card.

4. Orbitz

Orbitz is a Skyscanner and Kayak-like travel reservation aggregator. Another well-known travel site, Expedia, bought it to boost the product variety of the latter.

"From 1 October 2017 to December 2017, the violation occurred when hackers accessed a legacy travel reservation platform and stole information worth two years from January 2016 and December 2017," including 880,000 credit cards.

In March 2018, the firm informed media and clients, saying that at the moment of notification the website in question was not the live Orbitz.com.

Perhaps more worryingly, American Express and other businesses using the Orbitz platform were also affected by the hack. This is a reminder that in one manner or another so many of the instruments and services we use are linked.

Therefore, merely modifying your bank account or credit card details on a single platform may not safeguard your company data from being used or stolen.

5. Panera

Bakeries and cafés are likely not the typical targets for information hacks. But in August 2017, that's precisely what Panera endured.

This was actually defined more correctly as an "information leak" than a hack. For an extended period of time, the Panera website exposed millions of customer data in plain text format. It could be seen by any intelligent developer.

What makes this all worse is how this fact was treated by the business. "They are a master class in how not to act when faced with a predicament of cybersecurity," Fortune said.

Panera was advised in August 2017 about the potential for a data breach, but it took more than eight months to recognize and address the safety faults of the site. It originally accused the cyber security specialist who reported it of being a scammer and seems to have taken no short-term measures to solve stuff.

And the true icing on the cake was the reaction published by the public. It initially said that it affected only 10,000 customers. But reporter Brian Krebs' inquiries suggest that the real amount could be 37 million clients.

For Panera, this entire event is particularly hideous, and it shows that the businesses with your credit card information are not always particularly interested in defending them.
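
Added example (not part of the answer above): the chip-versus-magstripe point from the answer, shown as a small Python model in which the issuer accepts a per-transaction cryptogram once and rejects its replay, while copied static stripe data is indistinguishable from the original. HMAC-SHA256 stands in for the real EMV MAC, and the key, nonce, amounts and track string are constructed sample values.

```python
import hashlib
import hmac

def cryptogram(card_key: bytes, atc: int, amount_cents: int, nonce: bytes) -> bytes:
    """Per-transaction MAC over counter + amount + terminal nonce (HMAC stand-in)."""
    msg = atc.to_bytes(2, "big") + amount_cents.to_bytes(6, "big") + nonce
    return hmac.new(card_key, msg, hashlib.sha256).digest()[:8]

class Issuer:
    """Issuer side: recompute the MAC and require the transaction counter to advance."""

    def __init__(self, card_key: bytes, track_on_file: str):
        self.card_key = card_key
        self.track_on_file = track_on_file
        self.last_atc = 0

    def authorize_chip(self, atc: int, amount_cents: int, nonce: bytes, mac: bytes) -> str:
        expected = cryptogram(self.card_key, atc, amount_cents, nonce)
        if not hmac.compare_digest(expected, mac):
            return "declined: bad cryptogram"
        if atc <= self.last_atc:
            return "declined: replayed counter"
        self.last_atc = atc
        return "approved"

    def authorize_magstripe(self, track_data: str) -> str:
        # Static data: a copy of the stripe is byte-for-byte the same as the card.
        return "approved" if track_data == self.track_on_file else "declined"

def demo() -> dict:
    key = b"constructed-demo-key"             # constructed sample key
    track = "CONSTRUCTED-TRACK-DATA-0000"     # constructed, not a real card number
    nonce = bytes.fromhex("0a1b2c3d")         # constructed terminal nonce
    issuer = Issuer(key, track)
    mac = cryptogram(key, 1, 2599, nonce)
    return {
        "chip_first": issuer.authorize_chip(1, 2599, nonce, mac),
        "chip_replay": issuer.authorize_chip(1, 2599, nonce, mac),
        "chip_altered": issuer.authorize_chip(2, 999999, nonce, mac),
        "chip_next": issuer.authorize_chip(2, 1000, nonce, cryptogram(key, 2, 1000, nonce)),
        "stripe_first": issuer.authorize_magstripe(track),
        "stripe_copy": issuer.authorize_magstripe(track),
    }

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```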
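
Added example (not part of the answer above): one way to spot the kind of altered website script the answer describes in the British Airways case, by comparing what the site serves against a baseline of approved hashes in Subresource Integrity format. The file names and script contents are constructed samples, and the baseline is assumed to be recorded at release time.

```python
import base64
import hashlib

def sri_hash(content: bytes) -> str:
    """Hash in the form browsers accept in a script tag's integrity attribute."""
    digest = hashlib.sha384(content).digest()
    return "sha384-" + base64.b64encode(digest).decode("ascii")

def script_tag(src: str, content: bytes) -> str:
    """Tag that makes the browser refuse the script if its bytes ever change."""
    return f'<script src="{src}" integrity="{sri_hash(content)}" crossorigin="anonymous"></script>'

def audit_scripts(baseline: dict, served: dict) -> list:
    """Compare served script bytes against approved hashes; return findings."""
    findings = []
    for name in sorted(served):
        approved = baseline.get(name)
        if approved is None:
            findings.append((name, "unapproved script"))
        elif approved != sri_hash(served[name]):
            findings.append((name, "content changed"))
    for name in sorted(set(baseline) - set(served)):
        findings.append((name, "missing"))
    return findings

# Constructed sample: three scripts as approved at release time.
RELEASED = {
    "checkout.js": b"function pay() { submitForm(); }\n",
    "lib.js": b"function detectFeatures() { return {}; }\n",
    "receipt.js": b"function showReceipt() {}\n",
}
BASELINE = {name: sri_hash(body) for name, body in RELEASED.items()}

# Constructed sample: what the site serves later. lib.js has gained a line,
# receipt.js is gone and extra.js was never approved.
SERVED = {
    "checkout.js": RELEASED["checkout.js"],
    "lib.js": RELEASED["lib.js"] + b"/* constructed: code appended after release */\n",
    "extra.js": b"/* constructed: script that was never reviewed */\n",
}

if __name__ == "__main__":
    for name, problem in audit_scripts(BASELINE, SERVED):
        print(f"{name}: {problem}")
    print(script_tag("/js/lib.js", RELEASED["lib.js"]))
```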
