The world today operates in an age of IT. Almost every part of daily life has been computerized: most services, access to information and even business transactions are now automated. With such advances in technology, particularly in access to information, comes the need for privacy and security for individuals, companies and other corporate entities. For instance, most people today acquire products and procure services through cashless transactions, and those transactions are facilitated by a payment card. The card is issued to the cardholder as a representation of an account with the issuing bank, under a scheme run by a payment card brand. In the course of a transaction several stakeholders (the merchant, the payment processor, the acquiring bank and the issuer) handle the cardholder's data. This data is private and must be protected; without protection, attackers can use it for card fraud and identity theft. In response, standards have been adopted that govern how payment card transactions are handled.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of controls put in place to secure cardholder data. It was published with the goal of adoption by every organization that stores, processes or transmits cardholder data, anywhere in the world. It is not a form of government regulation: it is an industry standard maintained by the PCI Security Standards Council and enforced contractually by the card brands and acquiring banks, and a merchant that is not compliant, or that suffers a breach while non-compliant, can face hefty fines. PCI DSS sets out the operational requirements designed to protect cardholder data, and those requirements apply to every entity involved in the transaction process. At a high level the standard's twelve requirements fall into six goals: build and maintain a secure network and systems (firewalls, no vendor-supplied default passwords); protect cardholder data wherever it is stored, by encryption, truncation or tokenization of the primary account number and by never retaining sensitive authentication data such as the full magnetic stripe, card verification code or PIN after authorization, and encrypt it when it is transmitted over open, public networks; maintain a vulnerability management program (up-to-date anti-malware software and patched, securely developed systems and applications); implement strong access control (cardholder data on a need-to-know basis, a unique ID for every user, restricted physical access); regularly monitor and test networks (logging, vulnerability scans and penetration tests); and maintain an information security policy that tells personnel how to handle the data.
In recent years retail has seen a boom in online shopping, driven by the convenience of paying for online transactions with the data on a payment card. As an Information Security Manager in a bank, my duties are broad and require a good knowledge of both the business and the IT systems. That knowledge is what lets me make informed decisions that, in the long run, enforce PCI DSS among fellow information security personnel, the merchants the bank acquires for, and the cardholders who bank with us. The first step in designing a PCI DSS compliant e-commerce service is determining the annual transaction volume, because volume sets the merchant level and the level sets how compliance must be validated. A bank serving Abu Dhabi, the capital of the United Arab Emirates, can expect a volume that places it at the highest level, which calls for an annual on-site assessment by a Qualified Security Assessor and quarterly external vulnerability scans by an Approved Scanning Vendor. The systems in use must allow security patches to be applied promptly and custom application code to be reviewed and tested before release. The database of cardholder data must sit on an internal network segment, separated by a firewall from the web-facing DMZ so that it is never directly reachable from the internet, with stored PANs rendered unreadable by strong encryption and the encryption keys managed separately from the data they protect.
Where cardholders use e-commerce sites, the risk lies in the software the site runs on, whether proprietary or open source. A merchant locked in to a proprietary vendor has limited visibility into the software and depends on the vendor for security patches; a merchant running open source software can inspect the code but must itself have the competence to configure, patch and monitor it. In both cases the cardholder data must be protected by encryption, and patches for critical vulnerabilities must be applied within a month of release, as PCI DSS requires. These merchants must also comply with PCI DSS as a condition of their agreement with the acquiring bank, and non-compliance exposes them to heavy fines. Finally, the site must be protected by a firewall, its payment pages must be served only over TLS, and data minimization applies: only the data needed for the transaction is transmitted between the merchant and the bank over the bank's network, the PAN is masked wherever it is displayed, and sensitive authentication data is never retained after authorization.
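The controls described above (rendering the stored PAN unreadable, masking it for need-to-know display, and keeping it out of places it does not belong such as application logs) are easiest to see in code. The following is an added example written for this page, not code from the essay or from the PCI Security Standards Council; it uses only the Python standard library. The PANs 4111111111111111 and 5500000000000004 are the widely published Visa and Mastercard test numbers, the log lines are constructed, and the key is generated on the spot purely for the demonstration (a real key would come from an HSM or key management service, separate from the token database).

```python
"""Handling of primary account numbers (PANs) in an e-commerce back end.

Illustrates three PCI DSS controls with the standard library only:
  - masking the PAN for display (at most first six and last four digits),
  - replacing the stored PAN with a keyed one-way hash (HMAC-SHA-256) that
    can still be used to look a card up, and
  - scrubbing PANs that leak into application logs.
All sample values below are constructed for the example.
"""
import hashlib
import hmac
import re
import secrets


def luhn_valid(pan: str) -> bool:
    """Return True if the digit string passes the Luhn check used by card PANs."""
    if not pan.isdigit() or not 13 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """PCI DSS requirement 3.3: show at most the first six and last four digits."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def pan_token(pan: str, key: bytes) -> str:
    """Keyed hash of the PAN (PCI DSS 3.4 / 3.5): a stable lookup token that
    cannot be reversed or brute-forced without the key. The key must be stored
    and managed separately from the token database (e.g. in an HSM or KMS)."""
    return hmac.new(key, pan.encode("ascii"), hashlib.sha256).hexdigest()


def card_record(pan: str, key: bytes) -> dict:
    """What the application database keeps about a card: never the full PAN."""
    if not luhn_valid(pan):
        raise ValueError("not a valid PAN")
    return {"masked_pan": mask_pan(pan), "pan_token": pan_token(pan, key)}


# A run of 13-19 digits not adjacent to other digits; the Luhn check then
# filters out order numbers and timestamps that merely look like PANs.
_PAN_CANDIDATE = re.compile(r"(?<!\d)\d{13,19}(?!\d)")


def redact_pans(text: str) -> tuple[str, int]:
    """Mask every Luhn-valid PAN found in log text; return (clean_text, count)."""
    count = 0

    def _sub(m: re.Match) -> str:
        nonlocal count
        if luhn_valid(m.group(0)):
            count += 1
            return mask_pan(m.group(0))
        return m.group(0)

    return _PAN_CANDIDATE.sub(_sub, text), count


if __name__ == "__main__":
    key = secrets.token_bytes(32)      # demo only; real keys come from key management
    print(card_record("4111111111111111", key))
    sample_log = (                     # constructed log lines
        "2024-05-01 12:00:01 INFO checkout pan=4111111111111111 amount=19.99\n"
        "2024-05-01 12:00:02 INFO order id=1234567890123 status=ok\n"
    )
    clean, n = redact_pans(sample_log)
    print(clean, f"{n} PAN(s) masked")
```

The record the application keeps contains only the masked form and the keyed token, so a dump of that table is not a dump of card numbers; the second log line is left alone because its 13-digit order id fails the Luhn check, which keeps the scrubber from mangling ordinary identifiers.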