Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:

 

New scoring system protects credit card transactions

13.11.2007
As this year’s holiday season approaches, your credit card transactions may be a little more secure thanks to standards adopted by the payment card industry. The latest incarnation of these standards include the Common Vulnerability Scoring System (CVSS) Version 2 that was coauthored this year by researchers at the National Institute of Standards and Technology and Carnegie Mellon University in collaboration with 23 other organizations.

When you make an electronic transaction—either swiping a card at a checkout counter or through a commercial Web site—you enter personal payment information into a computer. That information is sent to a payment-card “server,” a computer system often run by the bank or merchant that sponsors the particular card. The server processes the payment data, communicates the transaction to the vendor, and authorizes the purchase.

According to NIST’s Peter Mell, lead author of CVSS Version 2, a payment-card server is like a house with many doors. Each door represents a potential vulnerability in the operating system or programs. Attackers check to see if any of the “doors” are open, and if they find one, they can often take control of all or part of the server and potentially steal financial information, such as credit card numbers.

For every potential vulnerability, CVSS Version 2 calculates its risks on a scale from zero to 10, assesses how the vulnerability could compromise confidentiality (exposing private information such as credit card numbers), availability (could it be used to shut down the credit card system") and integrity (can it change credit card data"). The CVSS scores used by the credit card industry are those for the 28,000 vulnerabilities provided by the NIST National Vulnerability Database (NVD), sponsored by the Department of Homeland Security.

To assess the security of their servers, payment card vendors use software that scans their systems for vulnerabilities. To promote uniform standards in this important software, the PCI (Payment Card Industry) Security Standards Council, an industry organization, maintains the Approved Scanning Vendor (ASV) compliance program, which currently covers 135 vendors, including assessors who do onsite audits of PCI information security. By June 2008, all ASV scanners must use the current version of CVSS in order to identify security vulnerabilities and score them. Requiring ASV software to use CVSS, according to Bob Russo, General Manager of the PCI Security Standards Council, promotes consistency between vendors and ultimately provides good information for protecting electronic transactions. The council also plans to use NIST’s upcoming enhancements to CVSS, which will go beyond scoring vulnerabilities to identify secure configurations on operation systems and applications.

Ben Stein | EurekAlert!
Further information:
http://www.first.org/cvss
http://nvd.nist.gov

More articles from Business and Finance:

nachricht Microtechnology industry is hiring – positive developments of past years continue
09.04.2018 | IVAM Fachverband für Mikrotechnik

nachricht RWI/ISL-Container Throughput Index with minor decline on a high overall level
20.03.2018 | RWI – Leibniz-Institut für Wirtschaftsforschung

All articles from Business and Finance >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: ScanCut project completed: laser cutting enables more intricate plug connector designs

Scientists at the Fraunhofer Institute for Laser Technology ILT have come up with a striking new addition to contact stamping technologies in the ERDF research project ScanCut. In collaboration with industry partners from North Rhine-Westphalia, the Aachen-based team of researchers developed a hybrid manufacturing process for the laser cutting of thin-walled metal strips. This new process makes it possible to fabricate even the tiniest details of contact parts in an eco-friendly, high-precision and efficient manner.

Plug connectors are tiny and, at first glance, unremarkable – yet modern vehicles would be unable to function without them. Several thousand plug connectors...

Im Focus: New Strategy Against Osteoporosis

An international research team has found a new approach that may be able to reduce bone loss in osteoporosis and maintain bone health.

Osteoporosis is the most common age-related bone disease which affects hundreds of millions of individuals worldwide. It is estimated that one in three women...

Im Focus: AI & single-cell genomics

New software predicts cell fate

Traditional single-cell sequencing methods help to reveal insights about cellular differences and functions - but they do this with static snapshots only...

Im Focus: TU Graz Researchers synthesize nanoparticles tailored for special applications

“Core-shell” clusters pave the way for new efficient nanomaterials that make catalysts, magnetic and laser sensors or measuring devices for detecting electromagnetic radiation more efficient.

Whether in innovative high-tech materials, more powerful computer chips, pharmaceuticals or in the field of renewable energies, nanoparticles – smallest...

Im Focus: Tailored light inspired by nature

An international research team with Prof. Cornelia Denz from the Institute of Applied Physics at the University of Münster develop for the first time light fields using caustics that do not change during propagation. With the new method, the physicists cleverly exploit light structures that can be seen in rainbows or when light is transmitted through drinking glasses.

Modern applications as high resolution microsopy or micro- or nanoscale material processing require customized laser beams that do not change during...

All Focus news of the innovation-report >>>

Anzeige

Anzeige

VideoLinks
Industry & Economy
Event News

“Conference on Laser Polishing – LaP 2020”: The final touches for surfaces

23.07.2020 | Event News

Conference radar for cybersecurity

21.07.2020 | Event News

Contact Tracing Apps against COVID-19: German National Academy Leopoldina hosts international virtual panel discussion

07.07.2020 | Event News

 
Latest News

Anode material for safe batteries with a long cycle life

06.08.2020 | Power and Electrical Engineering

Turning carbon dioxide into liquid fuel

06.08.2020 | Life Sciences

Tellurium makes the difference

06.08.2020 | Life Sciences

VideoLinks
Science & Research
Overview of more VideoLinks >>>