The hot topic today is on-line or web-based transactions and how the public interrupts the issue of security. At the center of the debate is the “user interface” and how secure is that interface. Many people wonder who is watching my activity and gathering userid’s and passwords, fearing giving away access to their accounts. Some say – who cares, I only use ‘X’ credit card for on-line activities and that carrier protects me from fraud and account crediting. Others are opting for protection from Insurance companies – like Allstate’s new Identity Theft Protection policy.
All of these ideas are practical but the industry needs to respond with platforms for safe on-line commerce. For example, credit card companies and on-line transaction processor must comply with an evolving set of principles called Payment Card Industry (PCI) Data Security Standard. Announced as a joint MasterCard/Visa security standard December 2004, applies to any entity that ‘processes, transmits, or stores’ cardholder information. PCI mandates that third-party (i.e. PWC) audits and scanning for violations within largest merchants and service providers -- fines of up to $500,000 per incident.
The top 12 principles;
- Install, maintain a firewall configure to protect data.
- Do not use vendor-supplied defaults for system passwords and other security parameters.
- Protect stored data.
- Encrypt transmission of cardholder and sensitive information across public networks.
- Use and regularly update anti-virus software.
- Develop and maintain secure systems and applications.
- Restrict access by business need-to-know.
- Assign a unique ID to each person.
- Restrict physical access to cardholder data.
- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes.
- Maintain a policy that addresses information security for employees and contractors.
So, what is Microsoft doing about security and on-line transaction processing products – plenty! One item in particular, the new Internet Explorer (IE 7.0) on Windows Vista includes a more secure version of IE. Among the many new features IE 7 will support “protected browsing” mode, which prohibits the browser and any controls (i.e. malware) running within the browser from writing to areas outside the temporary Internet files folder without user consent (user gullibility still is an issue!). Some of the features within IE 7.0 like anti-Phishing, will be available on Windows XP SP2/R3, however “protected mode” browsing will only be available with the Vista release.
Financial Services enterprises wishing to provide a “protected mode” and zero-touch to thier existing IE “user-interface” for applications like "on-line banking services" try looking at one of Microsoft's partners Permeo. They have a very cool process for securing IE sessions against key loggers, browser cache theft, and having a very cool demo of an on-line banking transaction that detects and protects the session. Again, it’s a zero-touch solution that's deployed by the Financial Services institution when entering the banks website dynamically.
This is the second article on Vista road map click here for first.
Cheers, Don.
Hola faretaste
mekodinosad
Posted by: AnferTuto | July 27, 2007 at 09:58 PM
Less than six months after initially launching Yahoo! Go 2. 0, the service will launch to millions of additional consumers in 13 countries on Friday. Consumers in Canada, France, Germany, India, Indonesia, Italy, Malaysia, Philippines, Singapore, Spain, United Kingdom, Thailand and Vietnam will be able to download and enjoy localized beta versions of the service. At launch the new beta versions for these countries will have much of the functionality as the US version and are supported by more than 200...
Posted by: maps yahoo | March 19, 2008 at 10:09 PM
If your looking for even more information on PC security then I would head over here as they have plenty of stuff on identity theft, antivirus software etc.
Posted by: PC Security | June 11, 2008 at 12:02 AM
Again, it’s a zero-touch solution that's deployed by the Financial Services institution when entering the banks website dynamically.
Posted by: Order Tadalafil | May 18, 2009 at 09:19 AM
Good blog... i need this information!!! thanks
Posted by: Order Tadalafil | May 18, 2009 at 09:20 AM
So, what is Microsoft doing about security and on-line transaction processing products – plenty!
Posted by: Online pharmacy | June 11, 2009 at 07:23 AM
The hot topic today is on-line or web-based transactions and how the public interrupts the issue of security.
Posted by: Online Pharmacy | August 11, 2009 at 09:59 AM