Arb Secure .Net
Páginas: 11 (2592 palabras)
Publicado: 28 de enero de 2013
White Paper
Developer Security Best Practices
The importance of strong security cannot be overvalued for any successful business. A security breach can result in significant financial loss, irreparable damage to reputation or worse.
Information security should therefore be of the utmost concern when developing computer applications that handle, process, or store consumer information. Thisdocument provides information about payments industry security initiatives and other best practices that are recommended to developers for incorporating the highest levels of data protection in their various payment applications.
Payments Industry Security Initiatives
The Card Associations employ stringent data protection compliance requirements for merchants and merchant service providers,including businesses or other parties that provide payment processing solutions to merchants. Two specific programs, the Payment Card Industry (PCI) Data Security Standard and the Payment Applications Best Practices (PABP), are vital to the long term success of your business. Authorize.Net encourages you to read the following sections thoroughly so as to understand both PCI and PABP and theirspecific requirements for you and your merchants.
Payment Card Industry (PCI) Data Security Standard
The PCI Data Security Standard is an industry-wide program implemented in December 2004 that incorporates the various cardholder security programs previously created by Visa, MasterCard, Discover, and American Express. PCI is designed for merchants and merchant service providers (includingdevelopers) that handle, process, and/or store cardholder information. Recognizing that a merchant’s security needs vary according to its size and the number of transactions it processes, the PCI Data Security Standard has been divided into separate levels of required merchant and developer compliance. To support your efforts to optimize security, Authorize.Net has partnered with TrustWave, a leading datasecurity and compliance services provider that offers convenient and affordable PCI compliance tools. For more information about TrustWave’s services and
www.authorize.net P.O. Box 8999, San Francisco, CA 94128-8999 Toll-free at 866-437-0491 E-mail: sales@authorize.net
pricing options, please visit http://www.authorizenet.trustkeeper.net. You will need to register in order to log in. You canalso learn more about the required levels of PCI compliance at http://www.atwcorp.com/pciDataSecurityStandard.php. To optimize security and reliability, Authorize.Net strongly recommends that all merchants and service applications strive to become compliant with the PCI Data Security Standard. Please note that the following information is only a summary of the PCI Data Security Standardrequirements. This information is not comprehensive and should not be substituted for official PCI documentation. For more information about the PCI Data Security Standard, see https://sdp.mastercardintl.com/pdf/pcd_manual. pdf or http://www.usa.visa.com/business/accepting_visa/ops_risk_management/ cisp_service_providers.html?it=c|/business/accepting_visa/ops_risk_management/ cisp%2Ehtml|Service%20Providers.Build and Maintain a Secure Network
Requirement 1 - Install and maintain a firewall configuration to protect data A firewall is a hardware or software solution that monitors the activity of external connections (primarily the Internet) to an internal network of servers. Firewalls help to eliminate unauthorized or unwanted external activity and safeguard your network and connections fromoutside threats. Requirement 2 – Do not use vendor supplied defaults for system passwords and other security parameters When installing any system on a network you should change the vendor-supplied default passwords. Using strong passwords that are difficult to guess or generate can significantly decrease the chances of confidential information becoming compromised. For additional information about...
Developer Security Best Practices
The importance of strong security cannot be overvalued for any successful business. A security breach can result in significant financial loss, irreparable damage to reputation or worse.
Information security should therefore be of the utmost concern when developing computer applications that handle, process, or store consumer information. Thisdocument provides information about payments industry security initiatives and other best practices that are recommended to developers for incorporating the highest levels of data protection in their various payment applications.
Payments Industry Security Initiatives
The Card Associations employ stringent data protection compliance requirements for merchants and merchant service providers,including businesses or other parties that provide payment processing solutions to merchants. Two specific programs, the Payment Card Industry (PCI) Data Security Standard and the Payment Applications Best Practices (PABP), are vital to the long term success of your business. Authorize.Net encourages you to read the following sections thoroughly so as to understand both PCI and PABP and theirspecific requirements for you and your merchants.
Payment Card Industry (PCI) Data Security Standard
The PCI Data Security Standard is an industry-wide program implemented in December 2004 that incorporates the various cardholder security programs previously created by Visa, MasterCard, Discover, and American Express. PCI is designed for merchants and merchant service providers (includingdevelopers) that handle, process, and/or store cardholder information. Recognizing that a merchant’s security needs vary according to its size and the number of transactions it processes, the PCI Data Security Standard has been divided into separate levels of required merchant and developer compliance. To support your efforts to optimize security, Authorize.Net has partnered with TrustWave, a leading datasecurity and compliance services provider that offers convenient and affordable PCI compliance tools. For more information about TrustWave’s services and
www.authorize.net P.O. Box 8999, San Francisco, CA 94128-8999 Toll-free at 866-437-0491 E-mail: sales@authorize.net
pricing options, please visit http://www.authorizenet.trustkeeper.net. You will need to register in order to log in. You canalso learn more about the required levels of PCI compliance at http://www.atwcorp.com/pciDataSecurityStandard.php. To optimize security and reliability, Authorize.Net strongly recommends that all merchants and service applications strive to become compliant with the PCI Data Security Standard. Please note that the following information is only a summary of the PCI Data Security Standardrequirements. This information is not comprehensive and should not be substituted for official PCI documentation. For more information about the PCI Data Security Standard, see https://sdp.mastercardintl.com/pdf/pcd_manual. pdf or http://www.usa.visa.com/business/accepting_visa/ops_risk_management/ cisp_service_providers.html?it=c|/business/accepting_visa/ops_risk_management/ cisp%2Ehtml|Service%20Providers.Build and Maintain a Secure Network
Requirement 1 - Install and maintain a firewall configuration to protect data A firewall is a hardware or software solution that monitors the activity of external connections (primarily the Internet) to an internal network of servers. Firewalls help to eliminate unauthorized or unwanted external activity and safeguard your network and connections fromoutside threats. Requirement 2 – Do not use vendor supplied defaults for system passwords and other security parameters When installing any system on a network you should change the vendor-supplied default passwords. Using strong passwords that are difficult to guess or generate can significantly decrease the chances of confidential information becoming compromised. For additional information about...
Leer documento completo
Regístrate para leer el documento completo.