Online Payment & Credit Card Processing Security
Many organizations view online payment and credit card processing as a necessary
evil. Once the system is working well enough to process transactions, most
organizations never give another thought to it. Unfortunately, there is much
more to securing these systems than simply encrypting data between the customer
and your site. Security vulnerabilities in your web server, database server,
and web applications can reveal your customers' credit card information to
attackers on the Internet. The resulting loss of trust with your customer
base is extremely hard to recover from.
Netbriar understands that organizations need to protect this data, and our Online
Payment and Credit Card Processing Security services are designed to help you take
proactive measures to protect your customers' information.
Position, Policy, and Procedures
If your organization handles customer credit card numbers, it is imperative that
you have a clearly defined policy on how this data will be handled. This policy
should specify how credit card numbers are to be transmitted, processed, and
stored, who should have access to the data, and how the data should be
protected.
- How will credit card information be transmitted from the client to your network? What encryption will be required?
- Once the data is at your location, how will it be stored? For how long will the user's information be retained? Chargebacks from credit card processing companies often occur by credit card number, so if you have to store credit card numbers for accounting purposes, how will you protect them?
- Which of your employees should have access to customer credit card numbers?
- How will you back up your databases of credit card numbers? Who will have access to these backups? Who can restore credit card numbers from them?
Netbriar helps your organization develop policies that will give your IT staff the
guidance they need to adequately secure your customers' credit card and payment
information.
Assessment
The Online Payment Processing Security Assessment is designed to give your
organization a detailed view of how well you are protecting your customers'
credit card and payment information. Since the security of your customers'
credit card numbers is dependent on a number of systems within your network,
a blended approach is taken to analyze each of the components within your
network that have the ability to impact sensitive credit card data. The following
components are part of an Online Payment and Credit Card Processing Security
Assessment:
- Network Security Assessment - Netbriar performs a Network Security Assessment on the following portions of your network:
  - Border Routers
  - Firewalls
  - Web servers that handle customer credit card information
  - Servers that handle sensitive customer credit card information (i.e. accounting servers, database servers, credit card processing servers)
  - Backup Systems that store data containing sensitive customer credit card numbers
- Database Security Assessment - Netbriar assesses the security and configuration of relational database servers that store credit card information
- Application Security Assessment - A limited assessment of the security of your web application is performed to help identify potential vulnerabilities in the application itself that may allow an attacker to obtain credit card information