Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:

 

New scoring system protects credit card transactions

13.11.2007
As this year’s holiday season approaches, your credit card transactions may be a little more secure thanks to standards adopted by the payment card industry. The latest incarnation of these standards include the Common Vulnerability Scoring System (CVSS) Version 2 that was coauthored this year by researchers at the National Institute of Standards and Technology and Carnegie Mellon University in collaboration with 23 other organizations.

When you make an electronic transaction—either swiping a card at a checkout counter or through a commercial Web site—you enter personal payment information into a computer. That information is sent to a payment-card “server,” a computer system often run by the bank or merchant that sponsors the particular card. The server processes the payment data, communicates the transaction to the vendor, and authorizes the purchase.

According to NIST’s Peter Mell, lead author of CVSS Version 2, a payment-card server is like a house with many doors. Each door represents a potential vulnerability in the operating system or programs. Attackers check to see if any of the “doors” are open, and if they find one, they can often take control of all or part of the server and potentially steal financial information, such as credit card numbers.

For every potential vulnerability, CVSS Version 2 calculates its risks on a scale from zero to 10, assesses how the vulnerability could compromise confidentiality (exposing private information such as credit card numbers), availability (could it be used to shut down the credit card system") and integrity (can it change credit card data"). The CVSS scores used by the credit card industry are those for the 28,000 vulnerabilities provided by the NIST National Vulnerability Database (NVD), sponsored by the Department of Homeland Security.

To assess the security of their servers, payment card vendors use software that scans their systems for vulnerabilities. To promote uniform standards in this important software, the PCI (Payment Card Industry) Security Standards Council, an industry organization, maintains the Approved Scanning Vendor (ASV) compliance program, which currently covers 135 vendors, including assessors who do onsite audits of PCI information security. By June 2008, all ASV scanners must use the current version of CVSS in order to identify security vulnerabilities and score them. Requiring ASV software to use CVSS, according to Bob Russo, General Manager of the PCI Security Standards Council, promotes consistency between vendors and ultimately provides good information for protecting electronic transactions. The council also plans to use NIST’s upcoming enhancements to CVSS, which will go beyond scoring vulnerabilities to identify secure configurations on operation systems and applications.

Ben Stein | EurekAlert!
Further information:
http://www.first.org/cvss
http://nvd.nist.gov

More articles from Business and Finance:

nachricht Mathematical confirmation: Rewiring financial networks reduces systemic risk
22.06.2017 | International Institute for Applied Systems Analysis (IIASA)

nachricht Frugal Innovations: when less is more
19.04.2017 | Fraunhofer-Institut für Arbeitswirtschaft und Organisation IAO

All articles from Business and Finance >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: Tiny lasers from a gallery of whispers

New technique promises tunable laser devices

Whispering gallery mode (WGM) resonators are used to make tiny micro-lasers, sensors, switches, routers and other devices. These tiny structures rely on a...

Im Focus: Ultrafast snapshots of relaxing electrons in solids

Using ultrafast flashes of laser and x-ray radiation, scientists at the Max Planck Institute of Quantum Optics (Garching, Germany) took snapshots of the briefest electron motion inside a solid material to date. The electron motion lasted only 750 billionths of the billionth of a second before it fainted, setting a new record of human capability to capture ultrafast processes inside solids!

When x-rays shine onto solid materials or large molecules, an electron is pushed away from its original place near the nucleus of the atom, leaving a hole...

Im Focus: Quantum Sensors Decipher Magnetic Ordering in a New Semiconducting Material

For the first time, physicists have successfully imaged spiral magnetic ordering in a multiferroic material. These materials are considered highly promising candidates for future data storage media. The researchers were able to prove their findings using unique quantum sensors that were developed at Basel University and that can analyze electromagnetic fields on the nanometer scale. The results – obtained by scientists from the University of Basel’s Department of Physics, the Swiss Nanoscience Institute, the University of Montpellier and several laboratories from University Paris-Saclay – were recently published in the journal Nature.

Multiferroics are materials that simultaneously react to electric and magnetic fields. These two properties are rarely found together, and their combined...

Im Focus: Fast, convenient & standardized: New lab innovation for automated tissue engineering & drug

MBM ScienceBridge GmbH successfully negotiated a license agreement between University Medical Center Göttingen (UMG) and the biotech company Tissue Systems Holding GmbH about commercial use of a multi-well tissue plate for automated and reliable tissue engineering & drug testing.

MBM ScienceBridge GmbH successfully negotiated a license agreement between University Medical Center Göttingen (UMG) and the biotech company Tissue Systems...

Im Focus: Silencing bacteria

HZI researchers pave the way for new agents that render hospital pathogens mute

Pathogenic bacteria are becoming resistant to common antibiotics to an ever increasing degree. One of the most difficult germs is Pseudomonas aeruginosa, a...

All Focus news of the innovation-report >>>

Anzeige

Anzeige

Event News

“Lasers in Composites Symposium” in Aachen – from Science to Application

19.09.2017 | Event News

I-ESA 2018 – Call for Papers

12.09.2017 | Event News

EMBO at Basel Life, a new conference on current and emerging life science research

06.09.2017 | Event News

 
Latest News

Molecular Force Sensors

20.09.2017 | Life Sciences

Producing electricity during flight

20.09.2017 | Power and Electrical Engineering

Tiny lasers from a gallery of whispers

20.09.2017 | Physics and Astronomy

VideoLinks
B2B-VideoLinks
More VideoLinks >>>