{"id":253,"date":"2015-01-23T09:42:20","date_gmt":"2015-01-23T09:42:20","guid":{"rendered":"http:\/\/www.gallop.net\/blog\/?p=253"},"modified":"2018-10-11T15:00:09","modified_gmt":"2018-10-11T09:30:09","slug":"banking-application-security-and-impact-of-pci-dss-compliance","status":"publish","type":"post","link":"https:\/\/www.cigniti.com\/blog\/banking-application-security-and-impact-of-pci-dss-compliance\/","title":{"rendered":"Banking Application Security and Impact of PCI DSS Compliance"},"content":{"rendered":"<p>Over 1 Million people across the world become victims of cyber crime daily with crimes occurring at the rate of <a href=\"http:\/\/www.informationweek.com\/strategic-cio\/executive-insights-and-innovation\/10-ways-to-fight-digital-theft-and-fraud\/d\/d-id\/1127869\" target=\"_blank\" rel=\"nofollow noopener\">12 per second<\/a>. Alarmed? You have every reason to be.<\/p>\n<p>Since the majority of data breaches relate to debit and credit cards, the PCI DSS standards were set in 2006 to strengthen information security and keep customer data secure.<\/p>\n<p><strong>What is PCI DSS?<\/strong><\/p>\n<p>PCI DSS \u2013 Payment Card Industry Data Security Standard \u2013 is the set of security standards administered by PCI Security Standards Council founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. to safeguard debit and credit card data. Its scope covers data security management, security policies and procedures, network architecture and software design.<\/p>\n<p>It suggests a continuing cycle of assessment (identifying vulnerabilities), remedy (fixing vulnerabilities) and reporting for all entities that store, process and transmit card data.<\/p>\n<p><strong>How does PCI DSS impact banking and banking applications?<\/strong><\/p>\n<p>PCI DSS has set stringent norms that banks need to follow diligently to stay compliant. Primary among them is the need to perform adequate security testing to ensure card holder data is never compromised.<\/p>\n<ul>\n<li>Run controlled data breach attempts against the bank network on regular basis to ensure network, end-point and web application security<\/li>\n<li>Perform security testing to detect well known vulnerabilities like SQL injection, OS command injection, Cross-site scripting, broken authentication etc.<\/li>\n<li>Test for the presence of authorized and un-authorized wireless access points on a quarterly basis<\/li>\n<li>Perform penetration testing \u2013 white box and black box \u2013 on network layer and application layer at least once a year or after a signification change has been made to the application<\/li>\n<li>Scope of penetration testing is the card holder environment (CDE) + systems and networks connected to it (unless the bank has a segmented network in which the CDE is isolated from other systems)<\/li>\n<li>Penetration testing should aim to identify all possible threats and vulnerabilities and try to exploit them to penetrate the system both at the application and network level<\/li>\n<li>Issues identified should be corrected and re-tested until all chances of malicious activity are removed<\/li>\n<\/ul>\n<p>Most financial organizations find it challenging to meet the rigorous testing requirements of PCI DSS. A Verizon study finds <a href=\"http:\/\/searchsecurity.techtarget.com\/news\/2240238330\/Preview-of-2015-Verizon-PCI-report-hints-at-firewall-compliance-issues\" target=\"_blank\" rel=\"nofollow noopener\">less than one-third<\/a> of organizations were fully PCI compliant less than a year after validation. Failure to comply can have severe consequences in terms of loss of trust and credibility, not to mention a penalty of up to $50,000 a day. By <a href=\"http:\/\/news.verizonenterprise.com\/2014\/09\/security-cloud-mobility-services-gartner\/\" target=\"_blank\" rel=\"nofollow noopener\">2018<\/a>, Gartner expects more than 50% of the organizations to use third party security firms to help manage their network infrastructure.<\/p>\n<p>Gallop Solutions has a rich repository of security test cases and maintains its own Network Security Test Center of Excellence. We adopt latest industry test practices to deliver cutting-edge security testing services to leading banks across the world. <a href=\"https:\/\/www.cigniti.com\/contact-us\/\" target=\"_blank\" rel=\"noopener\">Contact us<\/a> to know more.<\/p>\n<p><a href=\"https:\/\/www.cigniti.com\/webinars\/mobile-application-security-testing-right-eyes\/\"><img decoding=\"async\" class=\"aligncenter wp-image-986 size-full\" src=\"https:\/\/cigniti.com\/blog\/wp-content\/uploads\/Banner_06.jpg\" alt=\"Security Testing, Rich Internet Application, Quality Assurance\" width=\"590\" height=\"163\" srcset=\"https:\/\/www.cigniti.com\/blog\/wp-content\/uploads\/Banner_06.jpg 590w, https:\/\/www.cigniti.com\/blog\/wp-content\/uploads\/Banner_06-300x83.jpg 300w\" sizes=\"(max-width: 590px) 100vw, 590px\" \/><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Over 1 Million people across the world become victims of cyber crime daily with crimes occurring at the rate of 12 per second. Alarmed? You have every reason to be. Since the majority of data breaches relate to debit and credit cards, the PCI DSS standards were set in 2006 to strengthen information security and [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":13180,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[832,60,926,1077,1111,1120,498,1469,1471,1473,1481,1485],"ppma_author":[3736],"authors":[{"term_id":3736,"user_id":2,"is_guest":0,"slug":"admin","display_name":"Cigniti Technologies","avatar_url":{"url":"https:\/\/www.cigniti.com\/blog\/wp-content\/uploads\/120X120-1.png","url2x":"https:\/\/www.cigniti.com\/blog\/wp-content\/uploads\/120X120-1.png"},"user_url":"http:\/\/www.cigniti.com\/","last_name":"Technologies","first_name":"Cigniti","job_title":"","description":"Cigniti is the world\u2019s leading AI &amp; IP-led Digital Assurance and Digital Engineering services company with offices in India, the USA, Canada, the UK, the UAE, Australia, South Africa, the Czech Republic, and Singapore. We help companies accelerate their digital transformation journey across various stages of digital adoption and help them achieve market leadership."}],"_links":{"self":[{"href":"https:\/\/www.cigniti.com\/blog\/wp-json\/wp\/v2\/posts\/253"}],"collection":[{"href":"https:\/\/www.cigniti.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cigniti.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cigniti.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cigniti.com\/blog\/wp-json\/wp\/v2\/comments?post=253"}],"version-history":[{"count":0,"href":"https:\/\/www.cigniti.com\/blog\/wp-json\/wp\/v2\/posts\/253\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.cigniti.com\/blog\/wp-json\/wp\/v2\/media\/13180"}],"wp:attachment":[{"href":"https:\/\/www.cigniti.com\/blog\/wp-json\/wp\/v2\/media?parent=253"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cigniti.com\/blog\/wp-json\/wp\/v2\/categories?post=253"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cigniti.com\/blog\/wp-json\/wp\/v2\/tags?post=253"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.cigniti.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=253"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}