Payment applications security
SSL-CERTIFICATE
SSL-certificate - this is your site digital certificate, which confirms that communication between the browser and the website is conducted over a secure channel. Secure Site with SSL allows you to encrypt all information that is passed between website and client software. In addition, information is also protected by a digital signature, which ensures privacy and provides a secure connection.
WEB APPLICATION FIREWALL
To protect Web-based applications, the specialized solutions used such as WEB Application Firewall. They have built-in intrusion prevention functionality and provide protection against Web-motivated attacks such as buffer overflows, SQL injection, Cross Site Scripting, change requests, and other parameters. The solution of this class filters requests for access to applications and blocks all actions which do not relate to the permitted user activity.
ONE-TIME PASSWORD GENERATION SYSTEM (GEMALTO)
One-time password (OTP) is a password valid for only one session authentication One-time password activity can be also limited to a specific period of time. The advantage of one-time password compared with static is that the password can not be reused. Thus, attacker who successfully intercepted data from authentication session can not use password copied to access the secure information systems. Usage of one-time passwords by itself does not protect against attacks based on the active intervention into communication channel that is used for authentication (for example, from the attacks of the «middle man»).
SCANNING APPLICATIONS
Service is perfectly fits to any organization that must comply with PCI, and it is an ideal solution for small and medium businesses and other organizations on behalf of:
- Protection of information on users of payment card and to prevent network from possible hacking.
- To conduct scanning of network by authorized scan vendor (ASV) every 90 days.
- Maintain the security level of web-applications according to the requirements of PCI DSS ( item 6.6 )