Tech Risk & Security

Below is the testimony from CEO of Cardsystem, which can be found at here It seems an insider job (knowing which file to look for and can bypass FW setups). It is very difficult to uncover a script on a server if it is plant by an insider. BUT having this script running for 8 months is another thing. Security Audits, periodic port scanning and health check should uncover this abnormality of the systems. If one look into the root cause of this problem, it is the credit card data is stored for incomplete transactions. I believe lots of other card processing companies also store these type of data for manual settlements. How the Security Breach Occurred In September 2004, an unauthorized party placed a script (a sequence of instructions interpreted or carried out by another program) on the CardSystems platform (an underlying computer system on which application programs run) through an internet-facing application that is used by our customers to access data. In contrast to scripts, viruse...

In HK, one of the largest banks enchanced their eBanking security by giving each online banking customer with a security token , about the size of a battery with smal 6-digit LCD display. The device fits for carrying around. BUT after its release, some people with poor vision is complaining their access to online banking is made more difficult if not impossible. The one-time password display is just too small for them. When we talk about security, it is usually for the "normal" man working on the street. As security is becoming a commonplace, we will face the challenge of meeting the demand of everyman on the street.