Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

9/29/2009
12:35 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

CyberSource Announces Enterprise Payment Security 2.0

Company outlines its approach to the effective protection of payment data

READING, UK " September 29, 2009 " CyberSource Ltd., the UK-based subsidiary of CyberSource Corporation (NASDAQ: CYBS), today outlined its approach to the effective protection of payment data " Enterprise Payment Security 2.0. Where payment security has traditionally focused on "locking down" data via encryption, CyberSource supports the elimination of raw payment data from a merchant's environment.

The most common way to address the risk of payment data loss today is encryption. According to CyberSource, this is a partial, complex, and costly approach that still leaves merchants with vulnerable data on their systems. Recently publicised data breaches have demonstrated that the lock-down model is inadequate, unmanageable or both. Clearly, payment security still presents challenges for the eCommerce industry.

With the launch of a new whitepaper, "Enterprise Payment Security 2.0: A New Look at Payment Security Management", CyberSource is offering a different management strategy " the eradication of storage, capture and back-office exposure of payment data. The whitepaper shows how merchants can rid their systems of sensitive payment information, including:

  • Eliminate payment data storage. Using payment tokenisation with remote secure storage, merchants can store payment data at a payment security"certified service provider. A secure "payment token" and a masked account number are returned for use by the merchant's system to reference the transaction in subsequent actions.

  • Eliminate payment data capture. Through Hosted Payment Acceptance, merchants' customer payment information is captured directly by the payment network—it never enters merchants' systems.

  • Eliminate back-office exposure to payment data. This can be accomplished by a number of tactics, including the outsourcing of tasks such as manual order review and chargeback management. Dr Akif Khan, Head of Client and Technical Services at CyberSource Ltd., says: "Enterprises shouldn't have to handle payment data, ever. If there's nothing to steal, the risk of a breach is effectively eliminated. By taking away contact with payment data, merchants will have a security solution that is safer, easier to manage, simpler and less costly to certify.

    Perhaps most importantly, Enterprise Payment Security 2.0 can help mitigate the threat to merchants' brands and reputation." "Enterprise Payment Security 2.0: A New Look at Payment Security Management" is available for download at: http://www.cybersource.co.uk/resources/enterprise_payment_security2.php.

    For more information on CyberSource's Payment Security Services, please see: http://www.cybersource.co.uk/products_services/payment_security_services/index.html About CyberSource Ltd.

    CyberSource Ltd. is a wholly-owned subsidiary of CyberSource Corporation (NASDAQ: CYBS). CyberSource solutions enable electronic payment processing for Web, call centre, and POS environments. CyberSource also offers industry leading risk management solutions for merchants accepting card-not-present transactions. CyberSource Professional Services designs, integrates, and optimises commerce transaction processing systems. Over 273,000 businesses use CyberSource solutions, including half the companies comprising the Dow Jones Industrial Average. The company is headquartered in Mountain View, California, and has sales and service offices in Japan, the United Kingdom, and other locations in the United States including Bellevue, Washington and American Fork, Utah. For more information on CyberSource Ltd. please visit www.cybersource.co.uk or email [email protected]

    2009 CyberSource Corporation. All rights reserved.

    CyberSource is a registered trademark in the U.S. and other countries. All other brands and product names are trademarks or registered trademarks of their respective companies.

    Contact: Sarita Sawhney/Danielle Cook, Noiseworks +44(0)1628 628080 or [email protected]

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    News
    Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
    Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
    Edge-DRsplash-10-edge-articles
    Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
    Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
    News
    Cybercrime Groups More Prolific, Focus on Healthcare in 2020
    Robert Lemos, Contributing Writer,  2/22/2021
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon Contest
    Write a Caption, Win an Amazon Gift Card! Click Here
    Latest Comment: This comment is waiting for review by our moderators.
    Current Issue
    2021 Top Enterprise IT Trends
    We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
    Flash Poll
    Building the SOC of the Future
    Building the SOC of the Future
    Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2021-27132
    PUBLISHED: 2021-02-27
    SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.
    CVE-2021-25284
    PUBLISHED: 2021-02-27
    An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
    CVE-2021-3144
    PUBLISHED: 2021-02-27
    In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)
    CVE-2021-3148
    PUBLISHED: 2021-02-27
    An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.
    CVE-2021-3151
    PUBLISHED: 2021-02-27
    i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MONITORING__CONFIG__PATH, C__M...