Auditing your Payment Cards Processes, Systems and Applications: A Step By Step PCIDSS Compliant Audit Program (A Practical Guide for Payment Card Brand, Issuers, Acquirers, Processors and Switches)

Nonfiction, Computers, Networking & Communications, Computer Security, Operating Systems, Internet, Electronic Commerce
Author: Nwabueze Ohia
ISBN: 9780463481363
Publisher: Nwabueze Ohia
Publication: May 7, 2018
Imprint: Smashwords Edition
Language: English

Despite the security investments made by businesses that process, store, transmit and access cardholder information, data breaches have continued to occur on a disturbing scale, leading to loss of funds by cardholders, financial institutions and insurance companies. Players in the payment cards ecosystem such as the card brands (American Express®, Discover®, JCB, MasterCard®, VISA®, Union Pay® and Verve®), card issuers, terminal owners/acquirers, processors and payment switches have suffered losses and reputational damage due to inadequate security controls, process flaws, and poor monitoring and oversight by those charged with that responsibility. Where vulnerabilities are left unaddressed, chances are that fraudsters and attackers could exploit them to their advantage.

As the cyber security space evolves, fraudsters and attackers have continued to change their techniques for committing cybercrimes to maintain an edge. Credit, debit and prepaid card data have been stolen from unsuspecting cardholders through various scheming and fraudulent means. Personal Identification Number (PIN) information associated with credit and debit cards, which serves as the last point of defense for chip cards, has been stolen and used to commit fraud. The businesses concerned have failed to comply with relevant information security and control standards such as the Payment Card Industry Data Security Standard (PCI DSS), Payment Applications Data Security Standard (PADSS), ISO 27001 and ISO 22301 as best practice.

The objective of this practical guide is to offer the reader a step-by-step guide on how to carry out the audit/review of payment cards processes, systems and applications, to provide the needed assurance to stakeholders (management, investors and regulators) on the adequacy and effectiveness of controls in the payment cards processes and systems. Businesses that process, store, transmit and access cardholder information perform audits of their payment cards processes, systems and applications in a defined cycle as a matter of corporate governance and regulation. However, the personnel carrying this audit burden have sometimes fallen short in their responsibilities, with an attendant impact on the confidentiality, integrity and availability of cardholder information.

This book will close this gap by first highlighting some of the risks, vulnerabilities, and process/control lapses associated with the payment card environment and how they can impact the security of cardholder information. This is important to raise the reader's awareness of the inherent risks/vulnerabilities in payment card processes, systems and applications. Thereafter, it sets out the steps for carrying out audit testing to identify process, system and control failures in the areas of payment card policies, processes, applications, databases, change management, redundancy and data backup, vendor management and third party services, encryption key management, terminal security, network security, vulnerability management, operating systems security, credit card portfolio management, card operations (priming, production, stocking & distribution), instant card issuance and reissuance, among others. The primary audience is e-Business Managers, QSAs, IT security managers, IT risk managers, IT managers, business managers and IT auditors who are responsible for developing, implementing, operating, managing and reviewing the controls, technology and processes that are required to secure the system and comply with PCIDSS requirements.
