Monday, March 9, 2009

Ten Commandments of Web Payments




The Ten Commandments of the Web Payment Card Industry

I   Thou shalt assume that the operating system software environment is compromised by all sorts of malware.

II   All cards shall be secured with a PIN number.

III   No user will ever be asked to provide their PIN to anyone.

IV   All PIN numbers shall be entered via a secure I/O method, either an encrypted PED or controlled keyboard input.

V   All credit card PINs must differ from your bank-issued PIN.


VI   All card, personal, and key information shall be encrypted in volatile silicon and/or memory prior to transmission.

VII   At no time will any sensitive data be transmitted in the clear.

VIII   No card or account data will be stored in user-accessible storage.

IX   All silicon will be secured to a circuit board with a Tamper Proof Module or Trusted Platform Module.

X   On any wPCI certified web portal, no two parties will directly transmit account information to one another.




