Week 8. Secure Your Credit Cards

In the past few years, online shopping had increased tremendously.  With the growth of online purchase, the risk of credit card theft also grows proportionally.  To protect consumers, major credit card issuers and those involved in the credit card transaction have worked hard to maintain satisfactory security level.  

Credit card issuers, today, provides free services that used to come with a membership fee.  One beneficial service is text, email or phone call notification on credit card transaction.  The feature can be activated in card holder's account settings.  Once activated and set to a desired notification preference, the card holder receives notification of the transaction made to the credit card.  The card holder can also receive notification of suspected transactions.  The mechanism works by studying how and where the credit card is being used.  When the card is used outside of the norm, the transaction will be stopped, and the notification is sent to the card holder according to the setting in the user account profile.  Although this feature could be annoyed, it is recommended to every credit card holder.  It will save lots of frustrations and problems ones may encounter.

For online transactions, a mechanism called 3D Secure helps add another security level to the credit card charging process.  The mechanism is provided by visa and mastercard.  To use 3D secure, the card holder must register for the feature by providing the credit card information to the card issuer.  The card issuer then sends a password that the card holder can use to verify the identity when needed.  The merchant must also support 3D secure to make it work.  When a purchase is made, the merchant sends the credit card information to the card issuer using the 3D secure message format.  The information is passed through a series of checks and verifications by the 3D secure provider.  If necessary, the password prompt will be shown, and the purchaser must enter the password to continue the transaction.  Once verified, the transaction continues and is completed.



References:

https://usa.visa.com/visa-everywhere/security/future-of-digital-payment-security.html

https://www.mastercard.com/gateway/implementation_guides/3D-Secure.html

Comments

Post a Comment

Popular posts from this blog

Week 4 - STRIDE: Spoofing

Image
On week one, I briefly mentioned STRIDE as a method for threat identification. From this week, I want to go into a little more detail on each of its Mnemonic.  First, let's talk a little more about STRIDE.  In security , there are three fundamental aspects of the asset when speaking of security.  They are Confidentiality, Integrity, and Availability, which are referred to as the CIA triad.  To protect the asset means to protect its confidentiality, integrity, and availability.  STRIDE provides six ways to identify threats that would target the three areas. Spoofing: pretend to be someone or something that has legitimate permission to access the asset.  It is one of the ways to break the confidentiality . Tampering: ways to change the integrity of the asset. Repudiation: ways to obtain proves of violation Information Disclosure: access restricted information without permission (confidentiality) Denial of Service: ca...
Read more

Week 12 - The Final Words

Finally, I get to take a week of break.   This is the busiest Term so far.   Lots of demands from work plus things keep breaking at home made it tough.   I am glad it over.   With that said, I learned much from this class. In the first four weeks, I got to understand the threat modeling process and different threat modeling tools.   In a nutshell , threat modeling is about understanding your current state of the network; find all vulnerabilities, threats, and risks; formulate action plan and priority.   The process is carried out in a systematic way .   Initially, I thought the threat modeling is a process for finding the threats.   The name sounds small, but it also covers asset identification and action planning, as I realized after the comment on my assignment.  I spent the following weeks working on a security project where I apply the threat modeling process.   The first phase in threat modeling is the asset assessmen...
Read more

Week 7 - STRIDE: Repudiation

Image
In 2000, couple individuals at Signal Lake were sued for $25 million by a man named Suni Munshani.   He alleged that Signal Lake’s officers promised him a large amount of asset.     Munshani provided an email that purportedly sent from the dependents as the proof for his allegation.   The court ordered security professional to investigate and concluded that the plaintiff altered one of the emails the dependent sent to him.   Although this does not relate to repudiation, it brings an important aspect of non-repudiation.   (memecrunch.com) Repudiation, in short, is the denial of any wrongdoing , which is the very first thing anyone would do when they get caught doing something illegal.   Professional hackers learn to cover their track very well.   Likewise, security professionals learn to track.   For the email tampering case I mentioned, the defendant would not win the lawsuit if old emails weren’t available for invest...
Read more