
Security in Credit Card Transactions Banking Vietnam 2007 Hanoi, Vietnam 1 June 2007

Thomas Parenty, Director, Information Security Services, Hill & Associates Risk Consulting.


Presentation Transcript


  1. Security in Credit Card Transactions
     Banking Vietnam 2007
     Hanoi, Vietnam
     1 June 2007
     Thomas Parenty
     Director, Information Security Services
     Hill & Associates Risk Consulting

  2. Old Fashioned Fraud

  3. New Faces of Credit Card Crimes
     • Britain’s largest fraud
     • Potential loss of £17 million
     • 32,000 American credit card numbers
     • Cloned cards
     • Money Trail
        • Poland, Estonia, Russia, Spain, US, Virgin Islands

  4. TJX: The Biggest Yet
     • $17 billion retailer
        • Marshalls, T.J. Maxx, A.J. Wright, Home Goods
     • 45.7 million credit & debit card numbers
     • 1 year of transactions
     • (possibly 200 million numbers from 4 years)
     • Personal info on over 450,000 customers

  5. Estimated Costs
     • TJX
        • $24 million incident response
        • $1 billion remediation (over 5 years)
        • $? Over 20 lawsuits
     • Banks
        • $300 million to replace cards
        • $? fraud

  6. Climbing Through a Wireless Window
     • Wired Equivalent Privacy (WEP) not private

  7. Setting Up Shop
     • Crack encryption
     • Intercept usernames and passwords
     • Create new computer accounts
     • Steal credit & debit numbers
     • Sell them on the Internet

  8. Payment Card Industry (PCI) Security Standards Council

  9. PCI Data Security Standard
     • Technical controls
        • Encrypt all administrator access
        • Anti-virus and firewalls
     • Policy
        • Do not store full track data
     • Testing
        • Vulnerability & penetration
     • Qualified Security Assessors
     • Approved Scanning Vendors

  10. Relationships and Responsibilities

  11. Asian PCI Issues & Thoughts
     • Huge increase in interest this year
     • But, requirement or nice idea?
     • Negative consequences of not passing audit
        • Remediation
        • Reputation issues
     • PCI is a good, clear standard
     • Banks are financially responsible for the mistakes of others

  12. Security in Credit Card Transactions
     Banking Vietnam 2007
     Hanoi, Vietnam
     1 June 2007
     Thomas Parenty
     Director, Information Security Services
     Hill & Associates Risk Consulting
