Internet Retailer - Strategies For Multi-Channel Retailing
Home Editorial Guides Conferences Subscriptions
search
Advertising Coming Soon Contact Us

Top 500 Guide
Web Design Guide
EC Technology Guide
IRCE 2008 CD-ROM
Web Design 08 CD-ROM
Order Reprints/E-Prints
Buyer's Guide

Press Releases
Press Releases Monday, May 21, 2001   
E-Mail 'CyberSource Advisory to Promote Security of Online Consumer Data' to a friend  Printer Friendly: CyberSource Advisory to Promote Security of Online Consumer Data   
Internet Retailer Top 500 Guide

CyberSource Advisory to Promote Security of Online Consumer Data

Top 10 Tips for E-Businesses to Secure Consumer Information and Credit Card Data

CyberSource(R) and The Software & Information Industry Association (SIIA) Introduce New Security White Paper for Businesses Selling Online

MOUNTAIN VIEW, Calif., May 21 -- CyberSource Corporation (Nasdaq: CYBS), a leading provider of payment risk management and real-time payment solutions for enterprise businesses, and a pioneer in Internet fraud detection, today released tips to help e-businesses protect themselves and the personal and private information of their online consumers.

While more and more shoppers are making the move to the Internet, concern about security and protection of their private information remains one of the top barriers to making online transactions. Three in five Internet shoppers fear their credit card number could be stolen when used to make online purchases, and shoppers still prefer to give credit card numbers by phone, according to a recent report*. In order for businesses selling online to make the most of the growing business to consumer market, they need to have the best possible security in place.

To that end, CyberSource recommends the following precautions and best practices as a starting point for businesses selling online to secure customer data and credit card information:

1. Approach security as a system. Security is more than just a firewall or a user-name and password login. There are numerous interacting systems involved including access control through encryption of sensitive data.
2. Establish policy. Have a clear policy related to security and the handling of sensitive data.
3. Communicate internally. Make everyone aware of their responsibility for security. This includes conducting policy education for all facets of security from facility instructions to reporting breeches.
4. Implement a "layered" security model. Most organizational security models can be described as an egg shell; hard on the outside, soft in the center. According to a 2000 FBI and Computer Security Institute survey report, over 70 percent of the loss of confidential information comes from within. The security model must be layered, where internal assets are secured, partitioned, and monitored.
5. Use secure message digest. For security of credit card numbers, use the secure hashing algorithm (known as SHA-1) in order to make a unique surrogate value that can be referenced, but not used to charge against the account.
6. Use advanced encryption. When encrypting sensitive data like credit card numbers, use at least the Triple-DES algorithm with a 168-bit key.
7. Manage encryption keys. Use either a hardware device or secure key storage system to store encryption keys. Rotate the keys frequently and provide the physical control over who can access these keys.
8. Destroy data when no longer needed. Physically destroy disks or use a wipe algorithm to completely destroy sensitive data that is no longer needed. Where encrypted data no longer needs to be recovered, completely destroy the key.
9. Look for new developments. Criminal behavior and attacks on company data have become increasingly complex and deceptive because of new tools readily available to cybercriminals. Subscribe to information services and react to new developments as they are reported.
10. Monitor compliance. Track compliance against security policy and report exceptions to senior executives of the company.

Further details about each of these tips and more are provided in a white paper authored by CyberSource Chief Technology Officer Tom Arnold and published by the Software & Information Industry Association (SIIA), the principal trade association of the software code and information content industries (see related press release issued May 21, 2001: "SIIA Releases White Paper on New Method of Securing Consumer and Credit Card Data). The white paper, titled "An Electronic Citadel -- A Method for Securing Credit Card and Private Consumer Data in E-business Sites" can be downloaded in its entirety free of charge from http://www.cybersource.com and http://www.siia.net/sharedcontent/divisions/ebus/citadel.pdf . CyberSource experts are also available to the press for in-depth commentary.

About Tom Arnold
Tom Arnold joined CyberSource in March 1996. AS CTO, Mr. Arnold is responsible for the design, development and deployment of CyberSource`s risk management architecture and solutions. Prior to CyberSource, Mr. Arnold managed applications development at Silicon Graphics, Inc., building the next generation of electronic sales and service systems. Prior to Silicon Graphics, Mr. Arnold led the development of online database systems for NASA/Ames Research Center.

IRCE 2008 Conference Multi-Media CD-ROM

Mr. Arnold serves as a board member for the National White Collar Crime Center, and is the chairperson for the Technology Working Group, E-business Division, Software & Information Industry Association. He has testified before the U.S. House of Representatives Commerce Committee and U.S. Senate Banking Committee on topics related to Internet commerce and Internet fraud.

About SIIA
The Software & Information Industry Association (SIIA) is the principal trade association of the software code and information content industry. SIIA represents more than 1,000 leading high-tech companies that develop and market software and electronic content for business, education, consumers and the Internet. For further information, visit http://www.siia.net .

About CyberSource
CyberSource Corporation is a leading provider of payment risk management and real-time payment solutions for enterprise businesses. CyberSource solutions are specially designed for multiple sales channels, such as Web and call center/IVR, and include professional services to assist customers with the design, integration and optimization of enterprise-wide commerce transaction systems. CyberSource serves over 3,000 businesses, including over half of the Dow Jones Industrial companies. The company is headquartered in Mountain View, Calif., and has sales and service facilities in Japan, the United Kingdom, and various other locations in the United States. For more information, please visit CyberSource`s web site at http://www.cybersource.com or email info@cybersource.com.

NOTE: CyberSource is a registered trademark in the U.S. and other countries. CyberSource eCommerce Transaction Suite is a service mark of CyberSource Corporation. All other brands and product names are trademarks or registered trademarks of their respective companies.

* Statistics Source: eMarketer, the eCommerce B2C Report, March 2001

CONTACT:
Jennifer Jennings of CyberSource Corporation
650-965-6042
jjennings@cybersource.com

or

Liz Haas of atomic tech pr
415-703-9454
liz@atomicpr.com

End of Content

Back...

Guide to Retail Web Design & Usability

Copyright © 2006 This content is the property of Vertical Web Media. Privacy Policy
Articles by Age, Title, Author. Conference, CD, Guides