Featured Research

from universities, journals, and other organizations

New Scoring System Protects Credit Card Transactions

Date:
November 11, 2007
Source:
National Institute of Standards and Technology
Summary:
As this year's holiday season approaches, your credit card transactions may be a little more secure thanks to the Common Vulnerability Scoring System. When you make an electronic transaction -- either swiping a card at a checkout counter or through a commercial website -- you enter personal payment information into a computer.

As this year's holiday season approaches, your credit card transactions may be a little more secure thanks to standards adopted by the payment card industry. The latest incarnation of these standards include the Common Vulnerability Scoring System (CVSS) Version 2 that was coauthored this year by researchers at the National Institute of Standards and Technology and Carnegie Mellon University in collaboration with 23 other organizations.

Related Articles


When you make an electronic transaction--either swiping a card at a checkout counter or through a commercial Web site--you enter personal payment information into a computer. That information is sent to a payment-card "server," a computer system often run by the bank or merchant that sponsors the particular card. The server processes the payment data, communicates the transaction to the vendor, and authorizes the purchase.

According to NIST's Peter Mell, lead author of CVSS Version 2, a payment-card server is like a house with many doors. Each door represents a potential vulnerability in the operating system or programs. Attackers check to see if any of the "doors" are open, and if they find one, they can often take control of all or part of the server and potentially steal financial information, such as credit card numbers.

For every potential vulnerability, CVSS Version 2 calculates its risks on a scale from zero to 10, assesses how the vulnerability could compromise confidentiality (exposing private information such as credit card numbers), availability (could it be used to shut down the credit card system") and integrity (can it change credit card data"). The CVSS scores used by the credit card industry are those for the 28,000 vulnerabilities provided by the NIST National Vulnerability Database (NVD), sponsored by the Department of Homeland Security.

To assess the security of their servers, payment card vendors use software that scans their systems for vulnerabilities. To promote uniform standards in this important software, the PCI (Payment Card Industry) Security Standards Council, an industry organization, maintains the Approved Scanning Vendor (ASV) compliance program, which currently covers 135 vendors, including assessors who do onsite audits of PCI information security. By June 2008, all ASV scanners must use the current version of CVSS in order to identify security vulnerabilities and score them.

Requiring ASV software to use CVSS, according to Bob Russo, General Manager of the PCI Security Standards Council, promotes consistency between vendors and ultimately provides good information for protecting electronic transactions. The council also plans to use NIST's upcoming enhancements to CVSS, which will go beyond scoring vulnerabilities to identify secure configurations on operation systems and applications.


Story Source:

The above story is based on materials provided by National Institute of Standards and Technology. Note: Materials may be edited for content and length.


Cite This Page:

National Institute of Standards and Technology. "New Scoring System Protects Credit Card Transactions." ScienceDaily. ScienceDaily, 11 November 2007. <www.sciencedaily.com/releases/2007/11/071108162004.htm>.
National Institute of Standards and Technology. (2007, November 11). New Scoring System Protects Credit Card Transactions. ScienceDaily. Retrieved November 24, 2014 from www.sciencedaily.com/releases/2007/11/071108162004.htm
National Institute of Standards and Technology. "New Scoring System Protects Credit Card Transactions." ScienceDaily. www.sciencedaily.com/releases/2007/11/071108162004.htm (accessed November 24, 2014).

Share This


More From ScienceDaily



More Computers & Math News

Monday, November 24, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

Symantec Uncovers Sophisticated Spying Malware Regin

Symantec Uncovers Sophisticated Spying Malware Regin

Newsy (Nov. 24, 2014) A Symantec white paper reveals details about Regin, a spying malware of unusual complexity which is believed to be state-sponsored. Video provided by Newsy
Powered by NewsLook.com
Hackers Target Business Travellers

Hackers Target Business Travellers

Reuters - Business Video Online (Nov. 24, 2014) A newly detected malware, dubbed Darkhotel, infects hotel networks with spying software to steal sensitive data from the computers of high profile business executives, warns a leading computer security firm. Ciara Lee reports. Video provided by Reuters
Powered by NewsLook.com
Microsoft Adds Robot Guards, Ushers In Sci-Fi Apocalypse

Microsoft Adds Robot Guards, Ushers In Sci-Fi Apocalypse

Newsy (Nov. 23, 2014) Microsoft has robotic security guards working at its Silicon Valley Campus. Video provided by Newsy
Powered by NewsLook.com
European Parliament Might Call For Google's Break-Up

European Parliament Might Call For Google's Break-Up

Newsy (Nov. 22, 2014) This is the latest development in an antitrust investigation accusing Google of unfairly prioritizing own products and services in search results. Video provided by Newsy
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:

Breaking News:

Strange & Offbeat Stories


Space & Time

Matter & Energy

Computers & Math

In Other News

... from NewsDaily.com

Science News

Health News

Environment News

Technology News



Save/Print:
Share:

Free Subscriptions


Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

Get Social & Mobile


Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

Have Feedback?


Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
Mobile: iPhone Android Web
Follow: Facebook Twitter Google+
Subscribe: RSS Feeds Email Newsletters
Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins