The Green Sheet Online Edition

February 25, 2008  •  Issue 08:02:02

E-book Review
The fight for security - Adapting to new threats

By Chris Yaldezian et al

Data breaches can seriously impact a firm's bottom line. Monetary costs, along with adverse effects on shareholder value and reputation, are enormous. Financial service professionals, including ISOs and merchant level salespeople, have a compelling reason to effectively thwart data theft.

As an aid to this endeavor, Chris Yaldezian, a Marketing Executive and Financial Services Consultant for Sterling Commerce, collaborated with colleagues at Sterling Commerce to create the e-book entitled The Fight for Security: Adapting to New Threats.

In this 39-page e-book, the Sterling team underscores the shortcomings of traditional file transfer protocol (FTP)-based transmissions. They assert that the problem with FTP is that it has no built-in security or reliability features. As a result, many companies report problems with a significant percentage - as much as 80% - of their file transfer operations.

Resulting theft due to FTP and data transfer vulnerabilities has led to substantial financial losses, and the bankcard industry has been looking for answers; one result has been implementation of the Payment Card Industry (PCI) Data Security Standard (DSS), a framework of 12 rigorous security requirements.

The PCI Security Standards Council is responsible for developing and overseeing the PCI DSS. The e-book reiterates that the goal is to reduce the risk of Internet attacks using a variety of means, including data security best practices, firewall configuration, antivirus software and data encryption.

The problem is many merchants and processors are still not clear on how to meet the PCI requirements. The e-book reports that, according to data security provider VeriSign Inc., the 10 most commonly failed PCI requirements and the percentage of noncompliance for each are:

The Sterling team points to a widespread belief that encrypting data transfers via FTP is a viable data security solution, and moving data via FTP is growing, even though the technology has inherent vulnerabilities. Thus, data is exposed to external attacks such as eavesdropping, packet sniffing (extracting the numbers in an electronic transaction), denial-of-service attacks and unauthorized access.

So, how can companies transfer increasingly large and complex files safely and efficiently? The e-book emphasizes that strategies and techniques need to be tailored to each organization's unique processing environment and suggests a comprehensive managed file transfer (MFT) solution. A versatile MFT can put full control into information technology (IT) staff's hands, it states.

The Sterling team also points out that it is critical for an MFT framework to facilitate smooth, secure file transfers and end-to-end visibility, which provides a centralized view of all file transfer activities. This can improve performance, resource utilization, customer satisfaction and service level agreement compliance.

Further, according to the e-book, it is essential to have an infrastructure where IT is aware of all file transfers and has the ability to act on any problem. Then, administrators are alerted to problems early enough to solve them before a delivery window is missed or a service agreement is violated.

And, reliable MFTs reportedly let managers view network topologies, monitor server capacities, and set event triggers to ensure each phase of a complex transfer occurs on time and successfully. This provides the ability to audit data movement activities and see who moved what, when and how.

The sale of fraudulently obtained information over the Internet is growing exponentially. It is a lucrative pursuit for a tenacious new breed of cyber criminals who are making identity theft the crime of the 21st century.

It is difficult to measure the benefits derived from data security measures until a breach occurs. But by then it may be too late.

When focusing on the return on investment, the cost of lax data protection may be going out of business. A major security incident could easily drive an organization into bankruptcy. This e-book offers a proactive approach in securing data to avoid becoming the next breach-nightmare headline. To access the book, visit

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.