Beautiful Trade/Intro - Revision history

Ebellis at 02:10, 30 June 2009

Ebellis — Tue, 30 Jun 2009 02:10:05 GMT

←Older revision		Revision as of 02:10, 30 June 2009
Line 26:		Line 26:
	networks and systems contain legacy applications and operating systems that make it difficult		networks and systems contain legacy applications and operating systems that make it difficult
	to secure the payment data.		to secure the payment data.
		+

	[[Image:intro.png\|center]]		[[Image:intro.png\|center]]
		+
		+
		+	FIGURE 5-1. Credit card data proliferation
		+
		+	But what if we took another approach? What happens when we throw out a lot of today’s
		+	assumptions around electronic payments and e-commerce and assume that the merchant
		+	shouldn’t have to store the data at all? What if we never even handed this sensitive information
		+	over to the merchant in the first place? As we can see, one of the primary difficulties in securing
		+	this data is identifying all the places to which it travels. But what if this no longer mattered?
		+	Or at least mattered significantly less?

Ebellis at 02:08, 30 June 2009

Ebellis — Tue, 30 Jun 2009 02:08:22 GMT

←Older revision		Revision as of 02:08, 30 June 2009
Line 26:		Line 26:
	networks and systems contain legacy applications and operating systems that make it difficult		networks and systems contain legacy applications and operating systems that make it difficult
	to secure the payment data.		to secure the payment data.
		+
		+	[[Image:intro.png\|center]]

Ebellis at 21:54, 29 June 2009

Ebellis — Mon, 29 Jun 2009 21:54:17 GMT

←Older revision		Revision as of 21:54, 29 June 2009
Line 18:		Line 18:
	back-office applications, acquiring banking networks and systems, issuing banks, and card		back-office applications, acquiring banking networks and systems, issuing banks, and card
	association networks.		association networks.
		+
		+	Some of these merchants (affiliates) may resell items on behalf of other merchants, while other
		+	merchants (packagers) bundle merchandise and services from various providers and resellers.
		+	This currently means that the data must pass through all of the service providers and secondary
		+	merchant systems as well, increasing many times over the number of places where sensitive
		+	payment data is housed (see Figure 5-1). Finally, degrading safety further, many of these
		+	networks and systems contain legacy applications and operating systems that make it difficult
		+	to secure the payment data.

Ebellis: New page: INFORMATION SECURITY HAS ALWAYS BEEN ONE OF THE LARGEST BARRIERS to e-commerce. Those of us who spend most of our waking moments thinking of new and different ways to secure these system...

Ebellis — Mon, 29 Jun 2009 21:53:38 GMT

New page: INFORMATION SECURITY HAS ALWAYS BEEN ONE OF THE LARGEST BARRIERS to e-commerce. Those of us who spend most of our waking moments thinking of new and different ways to secure these system...

New page

INFORMATION SECURITY HAS ALWAYS BEEN ONE OF THE LARGEST BARRIERS to e-commerce.
Those of us who spend most of our waking moments thinking of new and different ways to
secure these systems and applications know it starts with the data. After all, it’s information
that we are trying to protect.

One of the primary challenges in e-commerce security is coming up with practical ways to
secure payment transaction data. This term means a lot of different things to a lot of different
applications, but for the purpose of this writing, let’s focus on credit card data such as account
numbers, security and CV2 codes, PIN numbers, magnetic stripe data, and expiration and issue
dates. We will also include extra data we deem necessary to make this process more secure,
such as to authenticate or authorize a transaction.

Let’s look at the possible points of failure for credit card information. When a consumer makes
a purchase using his credit or debit account where a card is not involved, whether online or
offline in a scenario such as a phone purchase, he supplies this data to the merchant in order
to prove he has the resources or credit to pay for the merchandise. This data passes through
various systems within and beyond the merchant environment through payment gateways,
back-office applications, acquiring banking networks and systems, issuing banks, and card
association networks.