Sgsits cyber securityworkshop_4mar2017
1. Cyber Security Issues in
Payment Card Industry
by
Anil Kumar Jain
Security Consultant, Indore.
Contents are based on PAYMENT SECURITY EDUCATIONAL RESOURCES,
PCI Security Standards Council, LLC.
Presented at workshop on “Cyber Challenges and Security’’ held on
4th March 2017 at Shri G.S. Institute of Technology & Science, Indore
2. Presentation Agenda
• Security - Global Perception
• Addressing security in Payment Card Industry
• Common Attack Vectors, Vulnerabilities and Exploits
• Payment Transactions in Card Present Scenario
• Payment Transaction in Card Not Present Scenario (e-Commerce)
• Top Ten Recommendations
4. Hackers rush to cash in on $14 billion in fraud before
chip cards take over in US
In 2016, hacked credit card fraud will reach $4 billion, a record level, and that's
just the beginning of a counterintuitive aspect of the nationwide migration
away from magnetic strip to chip cards.
In the short term, the switch to the chip card technology (known as EMV, which
can process credit cards with embedded smart chips) will cause fraud to
increase. You read that right. Beyond the $4 billion in fraud expected this year,
there will be as much as $10 billion in ....
http://www.cnbc.com/2016/05/06/those-new-chip-cards-will-cause-14-billion-in-fraud-by-2020.html
11. Payment Card Industry Security Standards Council
The Payment Card Industry Security Standards Council was
originally formed by American Express, Discover Financial
Services, JCB, MasterCard Worldwide and Visa International on
September 7, 2006, with the goal of managing the ongoing
evolution of the Payment Card Industry Data Security Standard.
The council itself claims to be independent of the various card
vendors that make up the council.
12. Payment Card Industry Data Security
Standards
Control objectives -- covering People, Process and Technology
1. Build and maintain a secure network
2. Protect cardholder data
3. Maintain a vulnerability management program
4. Implement strong access control measures
5. Regularly monitor and test networks
6. Maintain an information security policy
13. Security Control Types
Security controls are safeguards or countermeasures to avoid, detect, counteract, or
minimize security risks to physical property, information, computer systems, or other assets
15. SKIMMING – 1/2
Skimming is copying payment
card numbers and personal
identification numbers (PIN)
and using them to make
counterfeit cards, siphon
money from bank accounts
and make fraudulent
purchases.
Criminals install equipment at
merchant locations, on point-
of-sale (POS) devices,
automated teller machines
(ATM), and kiosks that
captures the information
from the magnetic stripe.
17. Malware Exploits - 1/4
Recent headlines announcing
organizations falling victim to payment
card breaches are alarming for business
owners.
The Payment Card Industry Security
Standards Council (PCI SSC) shares steps
to take to ensure your organization has
the proper security controls in place to
prevent a breach caused by malware.
21. Phishing & Social Engineering
Attacks - 1/4
Hackers use phishing and other social engineering methods to target
organisations with legitimate-looking emails and social media messages
that trick users into providing confidential data, such as credit card
number, social security number, account number or password.
These attacks are at the heart of many of today’s most serious cyber hacks and
can put your business and your customers at risk.
With a few security basics and ongoing vigilance, businesses can be aware
of and defend against these attacks.
25. Ransomware – 1/3
RANSOMWARE IS THE FASTEST GROWING MALWARE THREAT
Criminals are attacking businesses with a type
of malware that holds business-critical systems
and data hostage until a sum of money is
received.
30. Card Payment
Transaction Process
There are many places card
data travels throughout the
transaction process.
Each player that comes in
contact with card data plays
a vital role in keeping data
safe.
Card-Holder > Merchant >
Acquirer > Card Networks
> Issuer
31. Merchant POS Security: EMV® chip and PCI
EMV chip is proven to cut down on fraud at the
point-of-sale
32. Fight Cybercrime by
Making Stolen Data
Worthless to Thieves - 1/3
42.8 million cyber attacks are expected this
year alone. How can businesses eliminate
their data as a target for hackers?
Three technologies - EMV chip, tokenisation
and point-to-point encryption can help
organizations make their customer data less
valuable to criminals.
39. E-commerce Implementation Schemes – 1/7
Merchant-managed e-commerce implementations:
o Proprietary/custom-developed shopping cart/payment application
o Commercial shopping cart/payment application implementation fully managed by the merchant
Shared-management e-commerce implementations:
o URL redirection to a third-party hosted payment page
o An Inline Frame (or “IFrame”) that allows a payment form hosted by a third party to be embedded within the merchant’s
web page(s)
o Embedded content within the merchant’s page(s) using non-IFrame tags.
o Direct Post Method (Form)
o JavaScript Form
o Merchant gateway with third-party embedded application programming interfaces (APIs) or Electronic Data Interchange
(EDI)
Wholly outsourced e-commerce implementations