![<?echo $_SERVER['SERVER_NAME'];?>](/template/twentyseventeen/skin/images/header.jpg)
With the dramatic increase in the volume of credit card business, the number of credit card crimes has also risen, and criminal tactics and technologies have emerged one after another. Recently, MasterCard and Visa, the world’s two largest credit card organizations, were placed in public opinion.
At the end of March, Global Payments, which handles credit card transactions for Visa, MasterCard, American Express and other international card agencies, expressed suspicions that its customer data was hacked in early March and has been notified to law enforcement agencies in real time. Overall investigation. Visa and MasterCard subsequently issued notices to various banks and card issuers regarding this incident. Their credit card account information may be stolen, reminding card issuers to pay close attention to the account status and taking measures to ensure data security.
Ai Ruiqi said that the attack by hackers was very smart. “The attackers used very advanced tools. After they entered the system, they encrypted themselves, so others couldn’t see that they had gone in. We used to believe that encryption was Our self-protection method did not expect to be exploited by criminals."
The U.S. company’s own system is well-developed, so it can identify and monitor these intrusive messages. "They found that these hackers immediately reported to Visa and MasterCard, and also reported to the US intelligence agencies." Ai Ruiqi further explained.
A credit card payment involves multiple links of acquirer, card issuer, card transaction processing provider, cardholder, merchant, and merchant transaction processing provider. Each link faces credit card fraud risk considerations. The leakage of credit card data is undoubtedly a nightmare for any party, including card organizations, users, and banks.
"But this data breach is nothing compared with the biggest data leak incident we saw that time." Ai Ruiqi said.
As early as 2005, it was also because third-party service providers were hacked into computer systems, resulting in theft of 40 million credit card data. With this information, hackers can create fake cards and swipe credit cards, which is also the most serious credit card data leak in the United States.
Consumers' demands for credit card payments are increasing, and card organizations are also striving to find a balance between the three aspects. "Security is a major challenge." Ai Ruiqi said that protecting consumer information stored in financial institutions and quickly identifying thefts is increasingly important.
"Protecting data is becoming more and more complicated, but this is extremely important. We require that we don't store unneeded data because this could be used to create fake cards. Now 99% of large businesses have said they don't store sensitive data." Ai Ruiqi said.
She also reminded that as more and more users put their personal information on social networks, it is easy for criminals to obtain information. “More dynamic passwords and one-time passwords will be used in the future. At the same time, transaction alert services are increasingly important. ."
Currently Visa has 15,200 cooperative financial institutions worldwide, with 78 billion transactions per year, total transaction volume of 6 trillion US dollars, and 30 million businesses have been developed, with 2 billion VISA cards.
“The global fraudulent loss rate of VISA credit cards has been declining over the past 20 years, especially in the last 4 years, and it has been reduced to only 5 cents for every 100 US dollars of transactions. In China, fraud losses are not yet Half of this number." Ai Ruiqi said.
Related product introduction:
The enterprise data security protection system is a professional enterprise data security management system. It effectively combines the transparent encryption of files within the LAN and the effective management of the internal network. It is powerful and can meet the needs of different types of enterprise users for information security.
Features:
1, transparent encryption and decryption protection kernel filter driver: In the Windows operating system, there is a kernel module to manage the system's input and output, I / O Manager. Before a program sends an operation request (such as a read-write request) to a target device object (such as a file), the I/O Manager checks the driver that is mounted on the device object. If the object exists, the I/O Manager puts it. The request is sent first to the driver. Driver objects exist as stacks, so custom filter driver objects can be added to driver objects.
This system uses the kernel filter driver technology to enforce transparent encryption and protection of document files generated by administrators and generated data files. When users and programs access these encrypted files, they verify their legitimacy. If they are legal, then Perform transparent decryption, otherwise do not decrypt it. The encryption and decryption process will not affect existing programs and user habits.
2. The leak protection system provides strong encryption protection for the specified data file. In order to prevent internal personnel from using improper or other illegal tools to steal encrypted document content, the system provides leak protection control functions.
(1) Print control: The system controls the printing of encrypted documents at the operating system kernel driver level. When a program sends a print request to the printer, the kernel driver intercepts the print request. If it is a trusted print operation, the driver will allow printing. Record the print event, otherwise disable printing and record the print event.
(2) Memory Stealing Control: The system protects the memory data of the application program at the kernel driver layer of the operating system. When the encrypted document data is loaded into the memory, the kernel driver reads and writes the protected memory area of ​​the confidential data, and other programs cannot pass through. Memory access steals encrypted document data and solves the problem of memory stealing important data.
(3) Other controls: The system is in the operating system kernel driver layer to prevent users from exploiting the operating system's drag-and-drop and copy functions to disclose encrypted document data. When the user performs drag and drop and copy operations, the driver will analyze whether the operation is a policy process. If the same is a policy process, it is allowed to drag and copy each other, or it is prohibited.
3. The two-factor authentication WINDOWS operating system uses the GINA for login authentication when the user logs on. This method only has identity and password protection in a high-security business environment. This type of identity authentication is not secure. This system forces clients to use USB-KEY for identity authentication. After the user authentication succeeds, the system automatically downloads the user's security policy.
4. In the secure communication protocol system, the network communication between the client and the server adopts a private secure communication protocol, and the cryptographic signature algorithm using the ECC algorithm cluster ensures that the network data cannot be tapped or tampered. Network data, whether it is keys, logs, or policies, is transmitted using this protocol to ensure the security of network communications.
This protocol provides the following features: key transmission security, key access permission control (only the correct user can correctly obtain the key) policy integrity, log confidentiality, and so on.
Scope of application The objects of protection of data security protection systems are mainly sensitive data documents of governments and enterprises, including design documents, source codes of design drawings, marketing plans, financial statements, and other documents related to state secrets and business secrets of enterprises. Widely used in government research and development, design, manufacturing and other industries.
At the end of March, Global Payments, which handles credit card transactions for Visa, MasterCard, American Express and other international card agencies, expressed suspicions that its customer data was hacked in early March and has been notified to law enforcement agencies in real time. Overall investigation. Visa and MasterCard subsequently issued notices to various banks and card issuers regarding this incident. Their credit card account information may be stolen, reminding card issuers to pay close attention to the account status and taking measures to ensure data security.
Ai Ruiqi said that the attack by hackers was very smart. “The attackers used very advanced tools. After they entered the system, they encrypted themselves, so others couldn’t see that they had gone in. We used to believe that encryption was Our self-protection method did not expect to be exploited by criminals."
The U.S. company’s own system is well-developed, so it can identify and monitor these intrusive messages. "They found that these hackers immediately reported to Visa and MasterCard, and also reported to the US intelligence agencies." Ai Ruiqi further explained.
A credit card payment involves multiple links of acquirer, card issuer, card transaction processing provider, cardholder, merchant, and merchant transaction processing provider. Each link faces credit card fraud risk considerations. The leakage of credit card data is undoubtedly a nightmare for any party, including card organizations, users, and banks.
"But this data breach is nothing compared with the biggest data leak incident we saw that time." Ai Ruiqi said.
As early as 2005, it was also because third-party service providers were hacked into computer systems, resulting in theft of 40 million credit card data. With this information, hackers can create fake cards and swipe credit cards, which is also the most serious credit card data leak in the United States.
Consumers' demands for credit card payments are increasing, and card organizations are also striving to find a balance between the three aspects. "Security is a major challenge." Ai Ruiqi said that protecting consumer information stored in financial institutions and quickly identifying thefts is increasingly important.
"Protecting data is becoming more and more complicated, but this is extremely important. We require that we don't store unneeded data because this could be used to create fake cards. Now 99% of large businesses have said they don't store sensitive data." Ai Ruiqi said.
She also reminded that as more and more users put their personal information on social networks, it is easy for criminals to obtain information. “More dynamic passwords and one-time passwords will be used in the future. At the same time, transaction alert services are increasingly important. ."
Currently Visa has 15,200 cooperative financial institutions worldwide, with 78 billion transactions per year, total transaction volume of 6 trillion US dollars, and 30 million businesses have been developed, with 2 billion VISA cards.
“The global fraudulent loss rate of VISA credit cards has been declining over the past 20 years, especially in the last 4 years, and it has been reduced to only 5 cents for every 100 US dollars of transactions. In China, fraud losses are not yet Half of this number." Ai Ruiqi said.
Related product introduction:
The enterprise data security protection system is a professional enterprise data security management system. It effectively combines the transparent encryption of files within the LAN and the effective management of the internal network. It is powerful and can meet the needs of different types of enterprise users for information security.
Features:
1, transparent encryption and decryption protection kernel filter driver: In the Windows operating system, there is a kernel module to manage the system's input and output, I / O Manager. Before a program sends an operation request (such as a read-write request) to a target device object (such as a file), the I/O Manager checks the driver that is mounted on the device object. If the object exists, the I/O Manager puts it. The request is sent first to the driver. Driver objects exist as stacks, so custom filter driver objects can be added to driver objects.
This system uses the kernel filter driver technology to enforce transparent encryption and protection of document files generated by administrators and generated data files. When users and programs access these encrypted files, they verify their legitimacy. If they are legal, then Perform transparent decryption, otherwise do not decrypt it. The encryption and decryption process will not affect existing programs and user habits.
2. The leak protection system provides strong encryption protection for the specified data file. In order to prevent internal personnel from using improper or other illegal tools to steal encrypted document content, the system provides leak protection control functions.
(1) Print control: The system controls the printing of encrypted documents at the operating system kernel driver level. When a program sends a print request to the printer, the kernel driver intercepts the print request. If it is a trusted print operation, the driver will allow printing. Record the print event, otherwise disable printing and record the print event.
(2) Memory Stealing Control: The system protects the memory data of the application program at the kernel driver layer of the operating system. When the encrypted document data is loaded into the memory, the kernel driver reads and writes the protected memory area of ​​the confidential data, and other programs cannot pass through. Memory access steals encrypted document data and solves the problem of memory stealing important data.
(3) Other controls: The system is in the operating system kernel driver layer to prevent users from exploiting the operating system's drag-and-drop and copy functions to disclose encrypted document data. When the user performs drag and drop and copy operations, the driver will analyze whether the operation is a policy process. If the same is a policy process, it is allowed to drag and copy each other, or it is prohibited.
3. The two-factor authentication WINDOWS operating system uses the GINA for login authentication when the user logs on. This method only has identity and password protection in a high-security business environment. This type of identity authentication is not secure. This system forces clients to use USB-KEY for identity authentication. After the user authentication succeeds, the system automatically downloads the user's security policy.
4. In the secure communication protocol system, the network communication between the client and the server adopts a private secure communication protocol, and the cryptographic signature algorithm using the ECC algorithm cluster ensures that the network data cannot be tapped or tampered. Network data, whether it is keys, logs, or policies, is transmitted using this protocol to ensure the security of network communications.
This protocol provides the following features: key transmission security, key access permission control (only the correct user can correctly obtain the key) policy integrity, log confidentiality, and so on.
Scope of application The objects of protection of data security protection systems are mainly sensitive data documents of governments and enterprises, including design documents, source codes of design drawings, marketing plans, financial statements, and other documents related to state secrets and business secrets of enterprises. Widely used in government research and development, design, manufacturing and other industries.
Gel, VRLA
Wolong Electric Group Zhejiang Dengta Power Source Co.,Ltd , https://www.wldtbattery.com