Month: March 2016

Where Do You Go to Get PCI Compliant?

PCI, also known as PCI DSS, which stands for Payment Card Industry Data Security Standard, is the set of standards and security measures governing businesses that transmit, store, process, and accept credit card information. Organizations that are PCI compliant suffer fewer data breaches, which lead to exposure of cardholder data. If you own a business that deals with credit card payments, you are required to meet the PCI DSS standards. You can become PCI compliant by asking your card brand to lead you through the process.

The PCI Security Standards Council is a group that studies emerging PCI security issues and develops programs and standards to secure the reliability of the payment card system.

Categories of PCI compliance

PCI Compliance is divided into six main categories:

· Access Control
· Data Protection
· Monitoring
· Secure Network
· Security Policy
· Vulnerability Management

Access Control

Put access control into practice. Limit password access to your system: every employee should have access only to the passwords needed for their job. Explain to them that this is best for both customers and employees. If your business is breached, investigating the matter will be easier because access to the network was restricted.

Data Protection

Keep the data protected and secure the physical records of customer and cardholder information, either with a physical lock and key or with a card system. If your business processes credit cards manually, limit access to receipts and slips by locking them up safely. If the data is stored on your network, it should be encoded and kept behind the company’s firewall.

Monitoring

Monitor your network by assigning each terminal and user a unique ID number. That way, in the event of a breach, IT professionals can easily determine where the attack came from.

Secure Network

Create a secure network by keeping your firewalls updated and working. Under no circumstances let your firewalls go down and don’t give employees permission to disable firewalls for any reason.

Security Policy

Make a security policy of changing passwords every now and then. As soon as passwords are supplied by a vendor, change them immediately. Apply the same password change policy to your employees. Change your passwords on a regular basis as instructed by the vendor.

Vulnerability Management Program

Develop a vulnerability management program by keeping your system protected with the correct anti-virus software. Also prohibit the addition of software like games that might compromise the system.

Penalties for PCI DSS Violations

It is worth understanding what might happen if PCI DSS requirements are violated. A business that is not PCI compliant is likely to pay fines, face sanctions, and may end up losing its right to process credit card information. If non-compliance results in data loss, the business is likely to pay higher fines, plus additional large fines from the credit card brands and banks. Businesses that are not PCI compliant may also be subject to lawsuits and governmental action for failing to protect customer data.

 

How Technology Advancements Has Its Impact on Us

The advancement of new technology has been taking place since the beginning of human history, from the invention of items like the spear and knives made out of rocks and sticks to aid in the capturing and killing of animals for food, to items like the first printing press and the computer. The question is: are the impacts positive or negative?

Technology is a word used to collectively describe or portray the advancements, abilities, creations, undertakings, views, and knowledge of a singular group of persons: we as humankind. The advancement in technology has been exceptionally fast in the 20th and 21st centuries. With electronic technology and machines being produced and improved all the time, it was very likely that along with the positive aspects of these new advancements, people would also consider the negative aspects and look to criticize new technology.

A Positive Side

As the old adage states, “Necessity is the mother of invention”: necessities tend to spawn inventions, and each invention is annexed with the need for betterment and transmogrification. Newer and newer advances are happening by the day. Technological change is in large part responsible for many of the secular trends in such basic parameters of the human condition as the size of the world population, life expectancy, education levels, material standards of living, and the nature of work, communication, health care, war, and the effects of human activities on the natural environment.

Other aspects of society and our individual lives are also influenced by technology in many direct and indirect ways, including governance, entertainment, human relationships, and our views on morality, mind, matter, and our own human nature. Needless to add, these advancements also invigorate economic development, as the effective use of technology reduces material production costs and overhead charges, which generates savings in the economy and thus leads to national development.

And the Negative Side

Problems and potentials often go hand in hand. Society has become more and more dependent on technology, so much so that we sometimes lack the willingness to think before we act. We become impatient if it takes more than a few seconds to download a copy of the morning newspaper. We expect immediate responses to our email, and we expect someone to answer their cell phone whenever and wherever we call.

Technology is making us so busy that we can’t even find time to spend with our close ones. It would be surprising to know that people keep in contact through chat and online messaging even though they are in the same city, because they think it is faster and more effective, but they are forgetting that online chatting can never replace meeting in person.

“technology in sum, is both friend and enemy”

Neil Postman, author of the book Technopoly, writes that ‘technology in sum, is both friend and enemy’. He can see the benefits and how technology can be seen as a friend to humanity, in that ‘it makes life easier, cleaner and longer’. He can accept that it does humanity good. It is almost a positive claim, based on technology like medical advancements such as x-ray devices and medical drugs that help to lengthen life and help humanity. This is a very positive aspect of the advancement because we can improve health and lengthen our lives. But these medical advancements are mainly produced by companies, who then choose to monetize the advancement. Moral responsibility is weakened by this greed for money; they have lost sight of the objective of saving lives or making people healthy again. They are only creating advancements in technology in order to make a lot of money.

Neil Postman also sees technology as undermining human processes: technology creates ‘a culture without moral foundation’ and undermines social relations between humans. This can currently be seen in the argument over social networking sites on the internet. They were created for people to communicate and network, yet some people use them as their only form of communication with other people. This doesn’t necessarily help their social skills in the real world away from the internet. People can become addicted to and reliant on this technology and use it as their main way of creating social relations. It makes things like understanding facial expressions and body language hard to grasp.

Conclusion

If technological advancements are put to their best uses, they further inspire development in related and unrelated areas, but at the same time their negative use can create havoc for humanity or the world. Technology has changed, and will change, the moral fabric of humanity; it is up to the present generation to heed this warning and not allow such societal travesties of immense proportions ever to occur again. Technological advancements will continue to advance rapidly as we move into the next millennium. What is important is to ensure that these advances benefit humanity as a whole…

 

Glossary of PCI Terms

Here is a glossary of terms associated with PCI.

Approved Scanning Vendor (ASV)

In order to be PCI compliant, you will require a successful scan certificate from an Approved Scanning Vendor. An ASV certifies that you meet all the technical requirements. ASVs are listed by the PCI SSC on the basis of their performance.

Audit log

It is the record of system activities up to a certain date; it should have enough detail to trace back the sequence of events from the beginning of a transaction to the end.

Cardholder Data (CD)

Cardholder data contains the full Primary Account Number (PAN). Cardholder data also contains the following information:

· Name of the Cardholder
· Expiration Date
· Service Code (optional)

Cardholder Data Environment (CDE)

It is the environment comprising the people, processes and technology that process, transmit or store customer cardholder information or authentication information. The CDE also includes connected system components and virtualization technology, such as applications, servers, etc.

Encryption

The conversion of text into coded form is known as encryption. Only people holding the specific cryptographic key can decrypt and access such data. This protects the data against unauthorized disclosure between the encryption and decryption processes.

File Integrity Monitoring

This determines whether files or logs have been changed or altered in any way. When specific important files or logs are changed, notifications and alerts are sent to the security personnel.

Firewall

This technology protects the network from unauthorized access by limiting or stopping traffic between networks with different security levels, based on specific criteria. PCI-compliant hosting options include various types of firewalls, including dedicated firewall appliances, virtual private firewalls, and shared firewalls.

Intrusion Detection Service (IDS)

This is the software or hardware that gives alerts about network or system intrusions. This system might have alert sensors, a centralized logging system and monitoring options to keep track of events.

Intrusion Prevention Service (IPS)

It is the same as the Intrusion Detection Service, except that while an IDS detects intrusions, an IPS tries to prevent them or block the intrusions detected by the IDS.

Penetration Test

This is a test conducted on applications and networks, and also on processes and controls, to check for vulnerabilities and to find out how much the security is at risk and how easily it can be accessed or breached.

Primary Account Number (PAN)

The Primary Account Number, also known as the unique payment card number or account number, identifies the cardholder account and the issuer. It is used for both credit and debit cards.

Private Network

Private networks use private IP address space, and access to them from a public network must be protected by firewalls and routers.

Service Provider

A service provider is a non-payment-brand entity that processes, stores or transmits payment cardholder data. Any company that affects the security of payment cardholder information counts as a service provider, for example a company providing management services, or a company providing hosting services by managing firewalls, IDS, etc.

 

Biometric Attendance Machine Vs Manual Maintenance of Attendance

Organizations are exploring every possible way to increase their revenue and control their costs. Time attendance machines are used by organizations of all sizes to record when an employee starts and ends work. They also let the organization know which department the work is performed for. Apart from tracking when an employee is working, organizations can also track when an employee is not working, which means they can track an employee's meal and break times. A time attendance machine allows organizations to cut their labor costs, increase compliance and enhance overall control.

Depending on their size and requirements, different organizations use different tools to record the attendance and other activities of their employees. Some organizations use a Biometric Attendance Machine or Fingerprint Attendance Machine, and some organizations follow Manual Maintenance of Attendance. Manual Maintenance of Attendance is suggested only for organizations with few or very few employees.

Manual maintenance of attendance requires efficient and skilled HR staff to log employee work hours and attendance. Under this system, paper punch cards and punch machines are used to track the working hours and attendance of an employee. It takes several days of work to add up all working hours properly for correct and accurate input of payroll data, and there is always a chance of errors in calculating employee wages.

Automated time and attendance systems like a Biometric Attendance Machine and Fingerprint Attendance Machine, by contrast, are more accurate than Manual Maintenance of Attendance, and logging data for payroll from these systems takes less time. Tracking methods such as magnetic stripe cards, barcode tags, electronic tags, touch screens and biometrics are used in these automated systems.

A Biometric Attendance Machine uses physical characteristics like fingerprints, hands, eyes or other features to identify employees. To add an extra layer of security, efficiency, and accountability, these biometric devices are often used as a punch clock. This system makes employees more accountable for their attendance time, which in turn increases the productivity and profitability of the organization. Biometric systems are found in almost every industry.

Biometric systems offer a broad range of products to choose from, and one of the best known among them is the Fingerprint Attendance Machine. It is one of the most efficient and accurate attendance machines. It is easy and straightforward to use, and also inexpensive. Further, it reduces the chances of proxy or buddy punching. It comes with an excellent capability to store up to 30000 records. It is one of the most accepted biometric systems, used in airports, hospitals, manufacturing centers and other places.

But apart from organizations, it is important for employees to know the benefits of these machines too. They allow employees to get paid for every single minute they have worked. With a time and attendance device, information like hours worked, earned time off, and even their schedule is readily available to employees. It also eliminates their dependence on managers for such information. The machines are unbiased, which means they treat everyone equally.