电子支付风险控制发展趋势_[全文].docVIP

Hong Kong 1/a. Thailand . Singapore . Philippines . China . Macau . United Kingdom 电子支付风险控制发展趋势 Trend of Online Payment fraud control A s i a P a y L i m i t e d 目录 电子支付行业安全交易体系 完善的风险控制系统 风险和欺诈管理框架 风险控制系统适用平台 优秀的风控系统实现支付交易“零”成本 关于AsiaPay联款通 电子支付公司安全标准 - Maintain a policy that addresses information security for employees and contractors - 维护针对雇员和承包商信息安全的政策。 6. Information Security Policy信息管理政策 - Track and monitor all access to network resources and cardholder data Regularly test security systems and processes with vulnerability scans and penetration testing -定期监控网络和测试网络 -定期测试安全系统和流程并使用弱点扫描和 穿透测试 5. Monitor and Test Networks 监测和测试网络 - Restrict access to cardholder data by business need-to-know - Assign a unique ID to each person with computer access Restrict physical access to cardholder data 将对系统组件和持卡人数据的访问限制为只有工作需要访问这些数据的人 为每位拥有计算机访问权限的用户分配唯一的 ID 限制对持卡人数据的物理访问 4. Access Control Measures 接入控制措施 - Use and regularly update anti-virus software or programs - system components and software have the latest vendor-supplied security patches installed. -使用并定期更新杀毒软件或程序 -所有系统组件和软件都安装了最新的供应商提供的安全补丁 3. Vulnerability Management 攻击管理 Limit cardholder data storage and retention time Render PAN unreadable anywhere it is stored Encrypt transmission of cardholder data across open, public networks 使持卡人数据存储最小化并制定数据保留和处理政策 PAN 在存储的地方不可读 在开放型的公共网络中传输持卡人数据时会加密 2. Protect Cardholder Data 保护持卡人信息 Maintain a unified threat management configuration to protect cardholder data 维护统一威胁管理系统以保护持卡人信息 Do not use vendor-supplied defaults for system passwords and implement security parameters for all system components 不使用供应商提供的默认密码和并设置符合行业接受的系统安全标准 1. A secure Network 安全的网络 Internet with SSL Acquring Bank Bank Interface Program Firewal防火墙l Web Server Database Server Application Server Load Balancer Internet with SSL Merchant#039;s Online Shop SMS to Mobile Phone Wireless POS PDA with mCert Notebook with Wireless device Telco Inter-operability with Extended Validation (EV) SSL