Cyber Security Issues in
Payment Card Industry
by
Anil Kumar Jain
Security Consultant, Indore.
Contents are based on PAYMENT SECURITY EDUCATIONAL RESOURCES, PCI Security Standards Council, LLC.
Presented at workshop on “Cyber Challenges and Security” held on 4th March 2017 at Shri G.S. Institute of Technology & Science, Indore
Presentation Agenda
• Security - Global Perception
• Addressing security in Payment Card Industry
• Common Attack Vectors, Vulnerabilities and Exploits
• Payment Transactions in Card Present Scenario
• Payment Transaction in Card Not Present Scenario (e-Commerce)
• Top Ten Recommendations
Security – Global Perception
Hackers rush to cash in on $14 billion in fraud before chip cards take over in US
In 2016, hacked credit card fraud will reach $4 billion, a record level, and that's just the beginning of a counterintuitive aspect of the nationwide migration away from magnetic strip to chip cards.
In the short term, the switch to the chip card technology (known as EMV, which can process credit cards with embedded smart chips) will cause fraud to increase. You read that right. Beyond the $4 billion in fraud expected this year, there will be as much as $10 billion in ....
http://www.cnbc.com/2016/05/06/those-new-chip-cards-will-cause-14-billion-in-fraud-by-2020.html
Small businesses globally are a prime target
for cybercriminals.
Addressing Security in
Payment Card Industry
Payment Card Industry Security Standards Council
The Payment Card Industry Security Standards Council was originally formed by American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International on September 7, 2006, with the goal of managing the ongoing evolution of the Payment Card Industry Data Security Standard. The council itself claims to be independent of the various card vendors that make up the council.
Payment Card Industry Data Security Standards
Control objectives -- covering People, Process and Technology
1. Build and maintain a secure network
2. Protect cardholder data
3. Maintain a vulnerability management program
4. Implement strong access control measures
5. Regularly monitor and test networks
6. Maintain an information security policy
Security Control Types
Security controls are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets.
Common AttackVectors,
Vulnerabilities and Exploits
SKIMMING – 1/2
Skimming is copying payment card numbers and personal identification numbers (PIN) and using them to make counterfeit cards, siphon money from bank accounts and make fraudulent purchases.
Criminals install equipment at merchant locations, on point-of-sale (POS) devices, automated teller machines (ATM), and kiosks that captures the information from the magnetic stripe.
SKIMMING – 2/2
Malware Exploits - 1/4
Recent headlines announcing organizations falling victim to payment card breaches are alarming for business owners.
The Payment Card Industry Security Standards Council (PCI SSC) shares steps to take to ensure your organization has the proper security controls in place to prevent a breach caused by malware.
Malware Exploits - 2/4
Malware Exploits - 3/4
Malware Exploits - 4/4
Phishing & Social Engineering Attacks – 1/4
Hackers use phishing and other social engineering methods to target organisations with legitimate-looking emails and social media messages that trick users into providing confidential data, such as credit card number, social security number, account number or password.
These attacks are at the heart of many of today’s most serious cyber hacks and can put your business and your customers at risk.
With a few security basics and ongoing vigilance, businesses can be aware of and defend against these attacks.
Phishing & Social Engineering Attacks – 2/4
Phishing & Social Engineering Attacks – 3/4
Phishing & Social Engineering Attacks – 4/4
HOW HACKERS BREAK IN
Ransomware – 1/3
RANSOMWARE IS THE FASTEST GROWING MALWARE THREAT
Criminals are attacking businesses with a type of malware that holds business-critical systems and data hostage until a sum of money is received.
Ransomware – 2/3
Ransomware – 3/3
Responding to a Data Breach
Research shows that an Incident Response Team in place can provide significant savings.
Payment Transaction in Card Present Scenario
Card Payment Transaction Process
There are many places card data travels throughout the transaction process. Each player that comes in contact with card data plays a vital role in keeping data safe.
Card-Holder > Merchant > Acquirer > Card Networks > Issuer
Merchant POS Security: EMV® chip and PCI
EMV chip is proven to cut down on fraud at the
point-of-sale
Fight Cybercrime by Making Stolen Data Worthless to Thieves – 1/3
42.8 million cyber attacks are expected this year alone. How can businesses eliminate their data as a target for hackers?
Three technologies - EMV chip, tokenisation and point-to-point encryption - can help organizations make their customer data less valuable to criminals.
Technologies that protect data in the transaction process – 1/4
Technologies that protect data in the transaction process – 2/4
Technologies that protect data in the transaction process – 3/4
Technologies that protect data in the transaction process – 4/4
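As an added illustration of the tokenisation point above (this is not code from the deck or from the PCI SSC resources), the Python sketch below shows what the merchant actually gains: the order records hold a surrogate token and a masked number instead of the primary account number (PAN), so a copy of the merchant's table contains nothing that passes as a card number. The token vault, the merchant order table and the sample card numbers are assumptions constructed for the example; a real deployment would have the vault operated by a token service provider outside the merchant's environment.

```python
# Added illustration of tokenisation (assumed design, not PCI SSC code):
# the merchant stores a surrogate token in place of the PAN, so a dump of
# the merchant's database yields nothing a criminal can charge against.
import re
import secrets
from typing import Dict, List, Optional

PAN_RE = re.compile(r"^\d{13,19}$")


def luhn_valid(number: str) -> bool:
    """Luhn check-digit test that real payment card numbers satisfy."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Display form for receipts: first six and last four digits, rest starred."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


class TokenVault:
    """Stands in for the token service provider (an assumed component).
    Only the vault holds the token-to-PAN mapping; it sits outside the
    merchant's systems, which is what keeps the PAN out of them."""

    def __init__(self) -> None:
        self._by_pan: Dict[str, str] = {}
        self._by_token: Dict[str, str] = {}

    def tokenize(self, pan: str) -> str:
        if not PAN_RE.match(pan) or not luhn_valid(pan):
            raise ValueError("not a well-formed PAN")
        if pan in self._by_pan:  # same card -> same token, so repeat customers are recognisable
            return self._by_pan[pan]
        while True:
            # Random digits keep the PAN's length and last four (for receipts) but are
            # not derived from it, so the token cannot be reversed without the vault.
            # Tokens that happen to pass Luhn are rejected so a token is never
            # mistaken for, or usable as, a real card number.
            body = "".join(str(secrets.randbelow(10)) for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            if token not in self._by_token and not luhn_valid(token):
                break
        self._by_pan[pan] = token
        self._by_token[token] = pan
        return token

    def detokenize(self, token: str) -> Optional[str]:
        """Only the processing side should ever call this; the merchant never does."""
        return self._by_token.get(token)


class MerchantOrders:
    """What the merchant persists per order: token, masked PAN and amount."""

    def __init__(self, vault: TokenVault) -> None:
        self.vault = vault
        self.orders: Dict[str, dict] = {}

    def record_sale(self, order_id: str, pan: str, amount_cents: int) -> str:
        token = self.vault.tokenize(pan)
        self.orders[order_id] = {
            "token": token,
            "display": mask_pan(pan),
            "amount_cents": amount_cents,
        }
        return token

    def stored_card_numbers(self) -> List[str]:
        """Simulated breach check: which stored values would pass as a real PAN?"""
        return [o["token"] for o in self.orders.values() if luhn_valid(o["token"])]


if __name__ == "__main__":
    # Constructed sample PAN (a widely used test number, not a real card).
    vault = TokenVault()
    merchant = MerchantOrders(vault)
    tok = merchant.record_sale("order-1001", "4111111111111111", 4999)
    print("stored token:", tok, "display:", merchant.orders["order-1001"]["display"])
    print("usable card numbers in a dump of the merchant table:", merchant.stored_card_numbers())
```

The design choice worth noting is that the token is random rather than computed from the PAN: a hash or a reversible cipher would let anyone who obtains the merchant's table and the key (or a rainbow table over the small PAN space) recover card numbers, whereas a random lookup token is worthless without the vault itself.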
Payment Transaction in Card Not Present Scenario
E-commerce with all CNP Payment Channels
E-commerce Implementation Schemes – 1/7
Merchant-managed e-commerce implementations:
o Proprietary/custom-developed shopping cart/payment application
o Commercial shopping cart/payment application implementation fully managed by the merchant
Shared-management e-commerce implementations:
o URL redirection to a third-party hosted payment page
o An Inline Frame (or “IFrame”) that allows a payment form hosted by a third party to be embedded within the merchant’s web page(s)
o Embedded content within the merchant’s page(s) using non-IFrame tags
o Direct Post Method (Form)
o JavaScript Form
o Merchant gateway with third-party embedded application programming interfaces (APIs) or Electronic Data Interchange (EDI)
Wholly outsourced e-commerce implementations
E-commerce Implementation Schemes – 2/7
An Example Redirect Payment Flow
E-commerce Implementation Schemes – 3/7
An Example IFrame Payment Flow
E-commerce Implementation Schemes – 4/7
An Example Direct Post Payment Flow
E-commerce Implementation Schemes – 5/7
An Example JavaScript Form Payment Flow
E-commerce Implementation Schemes – 6/7
An Example API Payment Flow
E-commerce Implementation Schemes – 7/7
Advantages and Disadvantages of E-commerce Methods
Migrating from SSL and Early TLS
Top Ten Recommendations – 1/9
Stay Smart in Protecting against Card Frauds
Top Ten Recommendations – 2/9
Top Ten Recommendations – 3/9
Top Ten Recommendations – 4/9
Top Ten Recommendations – 5/9
Top Ten Recommendations – 6/9
Top Ten Recommendations – 7/9
Top Ten Recommendations – 8/9
Top Ten Recommendations – 9/9
