Secure payments & Security Pays
www.hackersafe.eu | website security | Business to You | Hans Bouman
ETT 2014 Introduction: Hans Bouman - B2U
1992 – 2000 Product manager e-Commerce
2001 - present Secure eCommerce
2002 – 2005 Country Manager Ogone
2005 Strategic Partner Europe (website security) www.hackersafe.eu
2006 Preferred Partner www.internetkassa.com
2006 Reseller (SaaS anti-spam/anti-virus) www.emailcleanport.nl
2014 Partner BeNeLux (personalized websites) www.convertplus.nl
2015 - present Email/SMS payment link service www.paybylink.eu
3rd of March 2015
Secure Payments
Security Pays
Security matrix (the agenda graphic that recurs through the deck):
- Privacy legislation
- Legal liability
- Quality
- System owners
- Programmers
- Educate merchants
- Hosting issues
- Website & application builders
- Management & reports
- Marketing
- Partners: chain protection
www.pcisecuritystandards.org
PCI is so… credit card focused
Security is so… credit card focused. What a webshop actually stores:
- Basket/products
- First name, surname
- Financial information
- Credit card numbers
- Social Security Number
- Passport numbers
- Driver's license number
- Delivery address
- Mobile number
- Email address
- Date of birth
- Passwords
- Hobbies
- Order history
Storage: more and more in the CLOUD.
EU Directive 95/46/EC - The Data Protection Directive, recital 46:
"Whereas the protection of the rights and freedoms of data subjects with regard to the processing of personal data requires that appropriate technical and organizational measures be taken, both at the time of the design of the processing system and at the time of the processing itself, particularly in order to maintain security and thereby to prevent any unauthorized processing; whereas it is incumbent on the Member States to ensure that controllers comply with these measures; whereas these measures must ensure an appropriate level of security, taking into account the state of the art and the costs of their implementation in relation to the risks inherent in the processing and the nature of the data to be protected;"
(Directive 95/46/EC has since been repealed by the GDPR, Regulation (EU) 2016/679, whose Article 32 carries the same "appropriate technical and organisational measures" obligation.)
Responsibility vs Liability
Who is responsible for the security of the website? The OWNER of the domain.
Who is legally liable? The OWNER of the domain.
Who has to pay the costs and penalties? The OWNER of the domain.
- SQL injection
- SQL database error disclosure
- Directory traversal
- Improper error handling
- Application source code disclosure
- Authentication bypass
- Insufficient session expiration
- Command injection
- SSI injection
- Malicious CGI scripts
- Buffer overflows
- Client-side vulnerabilities
- Directory indexing
- Server misconfigurations
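The first two items on that list, and the improper error handling that usually accompanies them, are easiest to see side by side. The following is an added example, not code from the presentation or from any of the named companies; the customer table, the sample rows and the `lookup_*` function names are constructed for illustration. The vulnerable lookup concatenates the visitor's input into the SQL text and hands the database engine's own error message back to the client; the hardened one binds the input as a parameter and returns a fixed message while the detail goes to the server log.

```python
import logging
import sqlite3

log = logging.getLogger("webshop")


def build_db():
    """Constructed in-memory customer table with made-up sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, card_last4 TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (email, card_last4) VALUES (?, ?)",
        [("alice@example.com", "4242"), ("bob@example.com", "1111")],
    )
    return conn


def lookup_vulnerable(conn, email):
    """Two of the listed defects in one function.

    SQL injection: the input is spliced into the statement, so a quote in
    the input rewrites the query. Error disclosure: whatever the engine says
    about a malformed statement is returned verbatim to the caller.
    """
    sql = "SELECT email, card_last4 FROM customers WHERE email = '" + email + "'"
    try:
        return {"ok": True, "rows": conn.execute(sql).fetchall()}
    except sqlite3.Error as exc:
        return {"ok": False, "error": str(exc)}


def lookup_hardened(conn, email):
    """Parameterised query; the engine never interprets the input as SQL.

    A database error is logged server-side with full detail, and the client
    receives only a fixed, non-descriptive message.
    """
    try:
        rows = conn.execute(
            "SELECT email, card_last4 FROM customers WHERE email = ?", (email,)
        ).fetchall()
        return {"ok": True, "rows": rows}
    except sqlite3.Error:
        log.exception("customer lookup failed")
        return {"ok": False, "error": "request failed"}


if __name__ == "__main__":
    db = build_db()
    # Three probes: a normal lookup, a classic tautology, and a lone quote that
    # breaks the statement and triggers the error path.
    for probe in ["alice@example.com", "' OR '1'='1", "'"]:
        print(repr(probe))
        print("  vulnerable:", lookup_vulnerable(db, probe))
        print("  hardened:  ", lookup_hardened(db, probe))
```

Run as a script, the tautology probe returns every customer's card tail from the vulnerable function and nothing from the hardened one, and the lone quote gives the vulnerable function's caller an engine error text that a scanner would report as database error disclosure.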
How to involve marketing?
So, where are your monitoring reports?
"We have a great website builder with a good reputation"
"We have the most secure hosting company"
"It's their risk as well, so they will manage it…"
"Other companies check it, so…"
Vulnerability scan & report
All internal staff & external partners involved and fully committed.

Scan scope, reached from the internet via DNS:
- www.domain.nl at Hosting1
- login.domain.nl at Hosting2
- www.domain2.nl at Hosting3

Each host is scanned at two layers:
- Hosting infrastructure: firewalls, IDS, DMZ, routers, gateways, ports, services, email servers
- Websites (n): applications, CMS, scripts, XML interfaces, APIs

Report (PDF) to those responsible: board, managers, mayors, executives.
Findings are passed to the helpdesk and from there to the system owners, programmers, external partners (suppliers, shopping portals, logistics) and marketing.
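The diagram's point is that one scan report has to reach several different parties: infrastructure findings belong with the hosting company, website findings with the system owner, and the board needs a one-page view that also says what was not scanned at all. The following is an added example, not code or a report format from the presentation or from HackerSafe; the inventory, the owner names, the findings and the set of hosts reached are all constructed for illustration, and only the three hostnames and hosting labels come from the slide. It routes each finding to one accountable party and flags the two coverage gaps a board should ask about: a host in the inventory that produced no scan result, and a host that appeared in results but is in nobody's inventory.

```python
from collections import Counter, defaultdict

# Constructed asset inventory for the three hostnames on the slide. The hosting
# labels are the slide's; the owner names are illustrative assumptions.
INVENTORY = {
    "www.domain.nl": {"hosting": "Hosting1", "owner": "webshop system owner"},
    "login.domain.nl": {"hosting": "Hosting2", "owner": "login system owner"},
    "www.domain2.nl": {"hosting": "Hosting3", "owner": "domain2 system owner"},
}

# Constructed findings, not real scan results. "layer" says which side of the
# slide's split a finding belongs to: the hosting stack or the website stack.
FINDINGS = [
    {"host": "www.domain.nl", "layer": "website",
     "title": "SQL injection in search form", "severity": "high"},
    {"host": "www.domain.nl", "layer": "infrastructure",
     "title": "Management port reachable from the internet", "severity": "medium"},
    {"host": "login.domain.nl", "layer": "website",
     "title": "Insufficient session expiration", "severity": "medium"},
    {"host": "shop.domain2.nl", "layer": "website",
     "title": "Directory indexing enabled", "severity": "low"},
]

# Hosts the scanner actually reached in this run (constructed).
SCANNED = {"www.domain.nl", "login.domain.nl", "shop.domain2.nl"}

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 0}


def build_report(inventory, findings, scanned):
    """Route every finding to one accountable party and list coverage gaps."""
    summary = Counter()
    routing = defaultdict(list)
    unowned = []
    # Highest severity first; sorted() is stable, so ties keep scanner order.
    for f in sorted(findings, key=lambda f: SEVERITY_RANK[f["severity"]], reverse=True):
        summary[f["severity"]] += 1
        asset = inventory.get(f["host"])
        if asset is None:
            # A finding on a host nobody has claimed is itself a finding: the
            # domain owner is liable for it whether or not it is in the inventory.
            if f["host"] not in unowned:
                unowned.append(f["host"])
            routing["UNASSIGNED"].append(f)
            continue
        # Infrastructure findings go to the hosting party; website findings go
        # to the system owner, who passes them to programmers or builders.
        party = asset["hosting"] if f["layer"] == "infrastructure" else asset["owner"]
        routing[party].append(f)
    not_scanned = sorted(h for h in inventory if h not in scanned)
    return {
        "summary": dict(summary),
        "routing": dict(routing),
        "unowned": unowned,
        "not_scanned": not_scanned,
    }


def executive_summary(report):
    """The one-page view for the board: counts, gaps, and who holds which action."""
    counts = ", ".join(
        f"{sev} {report['summary'].get(sev, 0)}"
        for sev in ("critical", "high", "medium", "low")
    )
    lines = ["Findings by severity: " + counts]
    if report["not_scanned"]:
        lines.append("NOT SCANNED (no report exists): " + ", ".join(report["not_scanned"]))
    if report["unowned"]:
        lines.append("FOUND BUT NOT IN INVENTORY: " + ", ".join(report["unowned"]))
    for party, items in report["routing"].items():
        # items[0] is the most severe because routing was filled in rank order.
        lines.append(f"{party}: {len(items)} open item(s), highest {items[0]['severity']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(executive_summary(build_report(INVENTORY, FINDINGS, SCANNED)))
```

With the constructed data, www.domain2.nl shows up as not scanned even though it is in the inventory, and shop.domain2.nl shows up with a finding but no owner; both are exactly the situations behind "we have a great hosting company, so they will manage it".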
How to involve marketing? (Security matrix: Marketing & TRUST)
If you invest in security, why not show it?
"Malware spread via large websites"
Get trusted: "NO MALWARE"
www.convertplus.nl
How the buyer thinks… How?
Trust starts at search engines: "Ah, that one is secure."
No SSL, or even an SSL error message: "Don't understand, but looks scary... Close window!"
Thank you!
BUSINESS TO YOU
www.b2u.nl
www.hackersafe.eu
Office: +31 297 381302
Email: [email protected]