Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:

 

New scoring system protects credit card transactions

13.11.2007
As this year’s holiday season approaches, your credit card transactions may be a little more secure thanks to standards adopted by the payment card industry. The latest incarnation of these standards include the Common Vulnerability Scoring System (CVSS) Version 2 that was coauthored this year by researchers at the National Institute of Standards and Technology and Carnegie Mellon University in collaboration with 23 other organizations.

When you make an electronic transaction—either swiping a card at a checkout counter or through a commercial Web site—you enter personal payment information into a computer. That information is sent to a payment-card “server,” a computer system often run by the bank or merchant that sponsors the particular card. The server processes the payment data, communicates the transaction to the vendor, and authorizes the purchase.

According to NIST’s Peter Mell, lead author of CVSS Version 2, a payment-card server is like a house with many doors. Each door represents a potential vulnerability in the operating system or programs. Attackers check to see if any of the “doors” are open, and if they find one, they can often take control of all or part of the server and potentially steal financial information, such as credit card numbers.

For every potential vulnerability, CVSS Version 2 calculates its risks on a scale from zero to 10, assesses how the vulnerability could compromise confidentiality (exposing private information such as credit card numbers), availability (could it be used to shut down the credit card system") and integrity (can it change credit card data"). The CVSS scores used by the credit card industry are those for the 28,000 vulnerabilities provided by the NIST National Vulnerability Database (NVD), sponsored by the Department of Homeland Security.

To assess the security of their servers, payment card vendors use software that scans their systems for vulnerabilities. To promote uniform standards in this important software, the PCI (Payment Card Industry) Security Standards Council, an industry organization, maintains the Approved Scanning Vendor (ASV) compliance program, which currently covers 135 vendors, including assessors who do onsite audits of PCI information security. By June 2008, all ASV scanners must use the current version of CVSS in order to identify security vulnerabilities and score them. Requiring ASV software to use CVSS, according to Bob Russo, General Manager of the PCI Security Standards Council, promotes consistency between vendors and ultimately provides good information for protecting electronic transactions. The council also plans to use NIST’s upcoming enhancements to CVSS, which will go beyond scoring vulnerabilities to identify secure configurations on operation systems and applications.

Ben Stein | EurekAlert!
Further information:
http://www.first.org/cvss
http://nvd.nist.gov

More articles from Business and Finance:

nachricht Europe's microtechnology industry is attuned to growth
10.03.2017 | IVAM Fachverband für Mikrotechnik

nachricht Preferential trade agreements enhance global trade at the expense of its resilience
17.02.2017 | International Institute for Applied Systems Analysis (IIASA)

All articles from Business and Finance >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: A Challenging European Research Project to Develop New Tiny Microscopes

The Institute of Semiconductor Technology and the Institute of Physical and Theoretical Chemistry, both members of the Laboratory for Emerging Nanometrology (LENA), at Technische Universität Braunschweig are partners in a new European research project entitled ChipScope, which aims to develop a completely new and extremely small optical microscope capable of observing the interior of living cells in real time. A consortium of 7 partners from 5 countries will tackle this issue with very ambitious objectives during a four-year research program.

To demonstrate the usefulness of this new scientific tool, at the end of the project the developed chip-sized microscope will be used to observe in real-time...

Im Focus: Giant Magnetic Fields in the Universe

Astronomers from Bonn and Tautenburg in Thuringia (Germany) used the 100-m radio telescope at Effelsberg to observe several galaxy clusters. At the edges of these large accumulations of dark matter, stellar systems (galaxies), hot gas, and charged particles, they found magnetic fields that are exceptionally ordered over distances of many million light years. This makes them the most extended magnetic fields in the universe known so far.

The results will be published on March 22 in the journal „Astronomy & Astrophysics“.

Galaxy clusters are the largest gravitationally bound structures in the universe. With a typical extent of about 10 million light years, i.e. 100 times the...

Im Focus: Tracing down linear ubiquitination

Researchers at the Goethe University Frankfurt, together with partners from the University of Tübingen in Germany and Queen Mary University as well as Francis Crick Institute from London (UK) have developed a novel technology to decipher the secret ubiquitin code.

Ubiquitin is a small protein that can be linked to other cellular proteins, thereby controlling and modulating their functions. The attachment occurs in many...

Im Focus: Perovskite edges can be tuned for optoelectronic performance

Layered 2D material improves efficiency for solar cells and LEDs

In the eternal search for next generation high-efficiency solar cells and LEDs, scientists at Los Alamos National Laboratory and their partners are creating...

Im Focus: Polymer-coated silicon nanosheets as alternative to graphene: A perfect team for nanoelectronics

Silicon nanosheets are thin, two-dimensional layers with exceptional optoelectronic properties very similar to those of graphene. Albeit, the nanosheets are less stable. Now researchers at the Technical University of Munich (TUM) have, for the first time ever, produced a composite material combining silicon nanosheets and a polymer that is both UV-resistant and easy to process. This brings the scientists a significant step closer to industrial applications like flexible displays and photosensors.

Silicon nanosheets are thin, two-dimensional layers with exceptional optoelectronic properties very similar to those of graphene. Albeit, the nanosheets are...

All Focus news of the innovation-report >>>

Anzeige

Anzeige

Event News

International Land Use Symposium ILUS 2017: Call for Abstracts and Registration open

20.03.2017 | Event News

CONNECT 2017: International congress on connective tissue

14.03.2017 | Event News

ICTM Conference: Turbine Construction between Big Data and Additive Manufacturing

07.03.2017 | Event News

 
Latest News

'On-off switch' brings researchers a step closer to potential HIV vaccine

30.03.2017 | Health and Medicine

Penn studies find promise for innovations in liquid biopsies

30.03.2017 | Health and Medicine

An LED-based device for imaging radiation induced skin damage

30.03.2017 | Medical Engineering

VideoLinks
B2B-VideoLinks
More VideoLinks >>>