THE IT SECURITY PROFESSIONAL
Barlowtek
The Current Problem
The current problem facing the payment card industry is the difficulty of effectively combining or integrating solutions that secure both the hardware and software components of the solution. Typically, the hardware and the software are developed in isolation from one another, and one is then overlaid on the other components in order to get something that works.

Current Vulnerabilities
A variety of vulnerabilities continue to plague the POS service provider industry and continue to damage organizations around the globe. The breaches stem from the core vulnerabilities of:
Separation of Threat Environments
Support service providers should focus on two different environments into which the potential threats can be classified. These environments are the service provider's own network and the physical hardware that the solution resides on. Isolating these environments allows businesses to focus on each area more effectively.

Service Provider
The service provider must maintain the highest levels of security within their environment in order to prevent potential access to the code (if they provide only that portion of the solution) or to the device itself (if they manufacture it). Providing a secure environment in which to develop and test the code should be one of the most important aspects of the service provider's overall security measures. The most common types of threats for POS devices posed by the service provider's environment are:
While several areas are mentioned here, the areas listed above are not meant to be all-inclusive.

Physical Hardware
Of all the areas, the one that usually poses the biggest threat to merchants is the physical device itself. Since most merchants are not familiar with the inner workings of their deployed devices, it may be difficult to spot a device that may be compromised. Whether the physical hardware itself is compromised or the way the device functions has been altered, spotting a vulnerable hardware device among a myriad of devices may be very overwhelming.

Process Security
As an IT Security Professional, it is important to develop processes that help to protect your organization or business from potential threats. The use of POS devices by merchants should be no different: certain processes can be implemented that are designed to find potential threats before they compromise your devices. The processes should focus on the device itself and how it behaves, and any abnormal behavior should be reported to IT Security as soon as it is noticed.

Summary
When it comes to POS security, the solution provider wants to be proactive and not reactive. Being reactive means that a compromise has already happened and the company must take steps to help prevent more damage. Instead, look at security holistically, with both the physical security of the hardware and the solution provider's own environment playing a key role in the overall security of the solution. Threats come in many forms, and while security measures can be taken to address some of these, it is not realistic to expect that all threats can be mitigated. However, addressing the issues that the company has control over will help to limit those possible threats. It is also important to find service providers that take security seriously and that will help to strengthen the security of the merchants that use their solution.
IT Security Pro
Securing the future one byte at a time! Mr. Barlow is here, staying ahead of the curve in Information Security Leadership. Ready to help your company stay safe and secure.