Academic literature on the topic 'Credit cards Security measures Standards'

The object of the study is the relations arising during the functioning of the national legal mechanism for ensuring cybersecurity. The subject of the study is presented by regulatory legal acts and sources of "soft law" of Thailand, which establish requirements for information systems of the financial and banking sector. Using the example of the second economy in Southeast Asia - Thailand, the role of the financial regulator of the state – the Bank of Thailand (Bank of Thailand, BOT) in ensuring cybersecurity of the financial and banking sectors is described. The features of the legal status of the Bank of Thailand, determining the coordinating role in the institutional mechanism for ensuring cybersecurity, are highlighted. The key documents of the financial regulator that form the regulatory mechanism for ensuring cybersecurity in Thailand are examined. The powers of the financial regulator of Thailand are distributed among three bodies. The Bank of Thailand controls commercial banks, financial companies, credit institutions, asset management companies, electronic payment services and credit card companies. The Securities and Exchange Commission oversees securities transactions, while the Insurance Commission oversees the activities of insurance companies. Ensuring information security is entrusted to the Bank of Thailand, which is authorized to create a risk management system for financial institutions in order to ensure their stability. To this end, it adopts regulations that establish security standards for three types of information systems: general, serving electronic payments and serving electronic payment cards. Noteworthy is the requirement for information system operators, when concluding a service agreement, to determine the rights of internal and external auditors, as well as an official of the Bank of Thailand to verify transactions and control the service provider. The financial regulator determines the status of service providers of particularly important payment systems, charging them with the obligation to develop security measures for information systems, depending on the types and complexity of their own services.

This paper analyses relevant IT governance and security frameworks/standards used in IT assurance and security to propose an integrated framework for ensuring effective PCI DSS implementation. Merchants dealing with credit cards have to comply with the Payment Card Industry Data Security Standards (PCI DSS) or face penalties for non-compliance. With more transactions based on credit cards, merchants are finding it costly and increasingly difficult to implement and interpret the PCI standard. One of the top reasons cited for merchants to fail PCI audit, and a leading factor in data theft, is the failure to adequately protect stored cardholder data. Although implementation of the PCI DSS is not a guarantee for perfect protection, effective implementation of the PCI standards can be ensured through the divergence of the PCI standard into wider information security governance to provide a comprehensive overview of information security based not only on security but also security audit and control. The contribution of this paper is the development of an integrated comprehensive security governance framework for ‘information security’ (rather than data protection) incorporating Control Objectives for Information and related Technology (COBIT), Information Technology Infrastructure Library (ITIL) and ISO 27002.

The development of market financial system in Poland was determined to a large extent, globally operating processes of the situation on the financial markets and the processes of adaptation to the normative standards and technological European Union. As part of anti-crisis measures leading central banks, Anglo-Saxon and European financial system have launched a high-budget system, interventionist assistance programs. Finally, the cost of rescuing the financial system was thrown to the proverbial John Doe ie. Most numerous segment of bank customers. Currentlyperformed research carried out in previous years, interventionist government programs to rescue the anti-crisis measures of the key players of the economy from bankruptcy financial and activation of demand, investment, production and liquidity in the credit market. In terms of development-oriented activities of government intervention, the European Central Bank continues to apply mild monetary policy of low interest rates in order to improve liquidity in the financial system and offering cheap money for the development of pro-investment share of credit of commercial banks operating in the European Union.

Іintroduction. Despite the fact that a significant number of scientific publications by well-known Ukrainian authors are devoted to the issues of legal regulation of credit obligations, at the same time separate studies of banking legislation requirements on "acceptability of collateral" have not been conducted in Ukrainian civil science in recent years. This, taking into account the gradual alignment of banking legislation of Ukraine with the standards of Basel III, and Directive 2002/47 / EC of the European Parliament and of the Council of 6 June 2002 on financial collateral mechanisms, necessitates such scientific research. The aim of the article. On the basis of the analysis of the legislation of Ukraine, the legislation of the European Union, scientific advances in the sphere of civil law and banking legislation, in the context of the analysis of the banking legislation of Ukraine, it is safe for creditors. In order to achieve this goal: 1. Conduct an analysis of civil and legal species for the protection of crops for the subject of іх possible delivery to “acceptable safety” and vrahuvannya banks when opening a credit card. 2. Significantly "quasi-security", as viewed by the banking legislation in the form of "acceptable security" for credit cards. 3. Zdіysniti analysis of the approaches to the legislation of the EU in the field of protection from credit denominations. Results. The methodological basis of the study is general scientific and special legal methods of scientific knowledge. In particular, the dialectical method, the method of analysis and synthesis, the comparative law method, the functional method, the modeling method, etc. Conclusions. First, the banking legislation does not consider as "acceptable collateral" such types of collateral as penalty, surety, deposit, retention. Secondly, the banking legislation considers as "acceptable collateral" not only those specified in Part 1 of Art. 546 of the Civil Code of Ukraine types of security for performance of obligations (pledge, right of trust ownership, guarantee), and other types of security for performance of obligations provided by law or contract (reserve letter of credit, performing the function of financial guarantee, guarantees of public entities, guarantee payment), but also contractual constructions which do not concern types of maintenance of performance of obligations (repo agreements). Thus, the banking legislation considers collateral in credit operations from the economic point of view, according to which "acceptable collateral" is only such liquid collateral that guarantees the rapid recovery of the property of the creditor bank, which suffered damage due to default or improper performance of the counterparty loan obligation, as well as "quasi-collateral", if such is referred by banking legislation to "acceptable collateral". Third, the existence of rules in the banking legislation on the acceptability of collateral in no way affects the right of banks to use any type of collateral provided by law or contract, if the application of such is possible in credit relations, taking into account the legal nature of the relevant types. software. Fourth, the set of regulations of the National Bank of Ukraine on the acceptability of collateral can be considered as an institution of banking law, which includes as rules of civil law governing the types of collateral, other rules of contract law governing other "quasi-collateral" contractual constructions, as well as public-law special norms of banking legislation, which establish additional regulatory requirements for banks to ensure credit operations and calculate credit risk.

The purpose of the article is to study the basics of financial security of banking with the identification of threats, their systematization into a single classification to determine ways to increase the financial security of the banking sector. Theoretical bases of financial security of banks are substantiated. The approaches are generalized and the concept of "financial security of the bank" is defined. The main components of the bank's financial security have been formed and the classification of internal and external threats to the banking security system has been carried out. Measures have been identified to prevent external and internal threats to Ukraine's banking sector, which should be developed with minimal resources and time to achieve the desired result. The banking sector of Ukraine (operating banks) for the period 2016–2020 is analyzed, which indicates a tendency to decrease (by 42), and the number of banks with 100% foreign capital increased by 6. To properly assess the level of financial security of Ukrainian banks, the main performance indicators for the period 2016–2020 were studied and it was established that: the banks' assets increased by 18.5% to UAH 1,532,671 million; customer lending decreased from 80% to 68%; return on assets increased by 6.04% and in 2020 amounted to 5.23%, improving the efficiency of banks in 2020 by 1.52. The dynamics of the regulatory capital adequacy ratio, the dynamics of credit risk ratios of banks and the dynamics of financial results of the banking sector of Ukraine are analyzed. Measures to increase the level of financial security of banks, based on the unification of the core indicators of banking and their methodology of calculation according to international standards, which will strengthen legal protection of creditors, maintain low inflation and a stable exchange rate, create a favorable investment climate.

This study was focused on evaluating the factors influencing the decision of customers of GCB bank on the adoption of e-banking. The study used a descriptive design where a structured questionnaire was administered to 351 customers of five selected GCB bank branches in the Kumasi Metropolis using convenient sampling technique. Data was analysed using the Statistical Package for Social Sciences (SPSS) version 20 software. It was identified that although people have knowledge about e-banking, their focus on using it is a bit questionable. For instance, customers are much more conversant in the use of SMS banking and ATM as compared to their conversant use of credit cards, internet banking and phone banking. In terms of the useful features of e-banking that necessitates its adoption by customers, e-banking was seen as convenient, easily accessible, easy to use, useful, advantageous and highly secured. However, issues of inadequate education, huge security issues, high illiteracy, network failure, inadequate governmental policies and slow response from the bank are possible in curtailing the frequent adoption of the services by customers of the bank. Therefore, the management of the bank should put in structures and measures to make the e-banking platforms adopted by the bank more user friendly for customers to subscribe to the products.

The development of the economy directly depends on the state of the banking system, financing and servicing of enterprises by banking institutions. A prerequisite for this is to ensure a stable financial position of banks, which is the main task of both their owners and the regulator of the banking sector. In transition economies with poorly developed financial markets, in most cases, banks are the only institutions that form the necessary information for financial intermediation, provide diversification of financial resources, reduce the level of risk of financial activity, and promote the implementation of leading standards of corporate governance. Even in economically developed countries, banks remain centers of financial and economic activity, while taking a special place among financial institutions as instruments of making credit investments, creating savings and ensuring payments. In addition, stability is extremely important given the functions of financial intermediation, the provision of cash flow, customer satisfaction in financial services, the efficient allocation of credit resources and the maintenance of financial discipline among borrowers. In transition economies with poorly developed financial markets, in most cases, banks are the only institutions that form the necessary information for financial intermediation, provide diversification of financial resources, reduce the level of risk of financial activity, and promote the implementation of leading standards of corporate governance. Even in economically developed countries, banks remain centers of financial and economic activity, while taking a special place among financial institutions as instruments of making credit investments, creating savings and ensuring payments. In the article, the directions of improvement of the mechanism of state regulation of anti-crisis management by the economic security of banking institutions of Ukraine are systematized by systematizing the main measures, which are united in the main directions, in particular such as: the period of implementation; by the entities that implement them; on the mechanisms of implementation; by types of banking activity.

In today’s technological world, it is common for corporations and individuals alike to enjoy and exploit the benefits of cloud computing. These advancements, however, come with a price as the modern technological age continues to grow. By its very nature, the normal course of business has changed drastically. From private entrepreneurial websites to conglomerates like Amazon, Inc., making purchases online has never been easier. Rather than traveling to your products, consumers today simply create an account with a certain business, enter personal credentials, provide a credit or debit card number for the transaction, and give an address for the shipment of their newly owned product. As a way to facilitate this course of business, it is normal for online venders to utilize their consumer’s information and store it for future use in the event that the consumer would like to purchase again. Due to the storing of valuable information onto the cloud, an increasing number of online security breaches via hacking from unauthorized individuals has occurred. This has led to multiple areas of contention between state laws and regulations, the businesses found therein, along with their valuable stored information and the use of the cloud itself. This Note aims to fill the gaps between the legal and the constantly changing technological world. Since valuable personal property is at stake when consumer information is stored in online databases, it is imperative that laws offering protection provide adequate safeguards to those most at risk. In filling these gaps, this Note first explains the use of cloud computing, including cloud variations and the essential components to these online databases. Second, this Note delves into an in-depth analysis of Federal Trade Commission v. Wyndham Worldwide Corporation, a recent FTC (Federal Trade Commission) case that has provided uncertainty in the cybersecurity world. Third, this Note identifies the gray areas from Wyndham that remain in question as well as provides a foundation of existing case law to shed light on the topic. Fourth, this Note proposes a change in the FTC’s current proceedings to provide a rule that identifies specific cybersecurity measures to obtain adequate protections in the event of cyber attacks.

Modern globalization and integration processes, introduction of the latest information technologies, competition in the banking sector, increasing of foreign banking capital share, lack of comprehensive legal regulation of banking activities, lack of development of Ukrainian financial markets, tense criminal challenges lead to new threats to financial security of the banking sector in general and of individual banks in particular. In turn, the efficient functioning of the banking system is impossible without maintaining high level of financial security of each commercial bank. The aim of the research is deepening the theoretical and methodological foundations of commercial bank financial security assessing and to development practical recommendations for improving its level. The subject of the research is theoretical and methodological principles and practical aspects of analysis and assessment of bank financial security level . The methods of the research: logical and meaningful method, method of comparison, method of analysis and synthesis, method of expert estimation, method of coefficients, integral method, etc. The hypothesis of the research. The investigation of the current state of a bank's financial security should be conducted in several stages: questioning of typical (external and internal) threats to the bank's financial security; express analysis of commercial bank financial security level; calculation of the integral index of bank financial security level. The statement of basic materials. The survey conducted typical external and internal threats to bank financial security, the results of which showed that the investigated bank is protected from external threats to financial security by 60% (9 points out of 15 possible) and from internal threats by 100% (15 points out of 15 possible). In the second stage of the process of financial security research, express analysis of financial security was carried out on the bases of the coefficients method, which includes four groups of basic banking indicators: bank financial stability indicators, bank business activity indicators, bank liquidity indicators, efficiency of bank activity indicators. The results of the rapid financial security diagnostics showed that in 2014-2015 the bank had low level of financial security, and in 2016-2018 it was sufficient. In addition, the integral financial security index of the bank is calculated, including the following indicators: financial and economic standards, credit and deposit dollarization, banking performance (ROA, ROE), profitability indicators and others. Integrated financial security indicators show that the highest level of financial security was in 2016, and in 2018 it was sufficient. It also proposes measures to enhance various components of the bank's financial security, the practical implementation of which will improve the efficiency of managing of banking institution financial security. The originality and practical significance of the research is development an approach to assessing commercial bank financial security and implementation it on the example of Raiffeisen Bank Aval. Conclusions and perspectives of further research. The approach to the assessment of the financial security level is proposed, which involves carrying out the evaluation in several stages, namely, the questioning of external and internal threats to bank financial security, express analysis of the financial security level of a commercial bank and calculation of an integral indicator of bank financial security level, which makes possible to assess the bank financial security level. It also proposes measures to enhance various components of the bank's financial security, the practical implementation of which will improve the efficiency of managing of banking institution financial security. As part of the further study it is planned to evaluate the effectiveness of the proposed measures of bank financial security level increasing.

A general assessment of the state of small business, the business environment, unfavorable conditions and opportunities for its development has been carried out. The analysis of the decrease in the rating of ease of doing business in international comparisons is presented. The features of the state and prospects of Ukraine in the Eastern Partnership are revealed in the context of the policy of supporting small and medium-sized businesses. The directions of the European Union’s financial assistance to Ukrainian entrepreneurship are revealed. Attention is focused on strengthening European aid during the COVID-19 pandemic. The directions of activities created within the framework of assistance from the European Union – the Office for the Development of Small and Medium Enterprises, the Office for the Promotion of Ukraine’s Exports, the Ukrainian Foundation for Standards, and the Office for Effective Regulation are disclosed. The possibilities of presenting Ukrainian goods and services, which are unique and competitive, to foreign markets are revealed. The need for the development of certain types of creative industries with an emphasis on specialized activities in the field of design has been substantiated. In the list of barriers to implementation, the lack of an industrial design ecosystem is put in the first place. It is proposed to include creative formations in regional development strategies through public-private partnerships. The essence and content of directions and measures of state policy of Ukraine to support entrepreneurship, which have legal regulation, are disclosed. State support for certain industries and spheres of activity included assistance in case of partial unemployment, credit holidays, tax preferences, cheaper loans, financial support for agribusiness, development of the National online platform “Action. Business”. The directions of state support by target groups have been systematized. It is proposed to use such levers and mechanisms that will strengthen the state anti-pandemic policy.

As today, the traditional payment systems of cash, cheques and credit cards are being supplemented by electronic cheques, electronic credit card-based systems, and token-based systems, online security is of utmost importance and one of the biggest criteria used for evaluating electronic payment systems. Electronic payment systems must guarantee the essential security requirements: confidentiality, privacy, integrity, availability. authentication, non-repudiation as well as anonymity and trust. This paper compares the various payment systems (both traditional and electronic) available today mainly according to their security aspects. Secure processing can be accomplished including access controls and detection techniques, such as, encrypted communication channels, user and/or message authentication, symmetric and asymmetric encryption, digital certificates and firewalls. These effective security measures, which are outlined in detail in this paper, will protect the information and payment systems against security risks that currently threaten the Internet
Computing
M.Sc. (Information Systems)

The use of credit cards has become a way of life in many parts of the world. Credit cards have also created many new opportunities for criminal activity. It is in this light that organizations such as VISA International have explored a variety of security alternatives by constantly reviewing security measures that may be applied to cards and devote considerable resources to the maintenance of security systems and programmes. These programmes mandated by the association, include uniform card standards, security standards for manufactures, embossing and encoding of cards, standards for mailing the cards and credit background investigations of applicants. These standards assist investigators in examining counterfeit cards and distinguish a counterfeit card from a genuine card. The constant reviewing of security features and methods by the association is to create a card that is technically difficult to alter or counterfeit.
Criminology
M.Tech. (Forensic Investigation)

As the number of purchases over the internet has increased and the method of payment is a credit or debit card, e-commerce merchants must be able to accept online payment using the card data. Cyber-criminals have found ways to capture the information on credit and debit cards and use this information to make purchases and remove money from bank accounts which costs merchants lost revenue and chargebacks fees and costs consumers and banks lost funds. The process by which credit and debit card payments are processed beginning with the e-commerce merchant's website to a card processor or service gateway to the credit or debit card company's network to the issuing bank's network with an accept or decline response being returned to the merchant's shopping cart system via the same networks is discussed. The issue of credit and debit card fraud in terms of how cyber-criminals function and the solutions used to deter these attempts by the cyber-criminals is covered. The security standards and a list of preventive measures that should be used by e-commerce merchants are discussed.

As the number of purchases over the Internet has increased and the method of payment is a credit or debit card, e-commerce merchants must be able to accept on-line payment using the card data. Cyber-criminals have found ways to capture the information on credit and debit cards and use this information to make purchases and remove money from bank accounts which costs merchants lost revenue and chargebacks fees and cost consumers and banks lost funds.. The process by which credit and debit card payments are processed beginning with the e-commerce merchant's web site to a card processor or service gateway to the credit or debit card company's network to the issuing bank's network with an accept or decline response being returned to the merchant's shopping cart system via the same networks is discussed. The issue of credit and debit card fraud in terms of how cyber-criminals function and the solutions used to deter these attempts by the cyber-criminals is covered. The security standards and a list of preventive measures that should be used by e-commerce merchants are discussed.

This paper analyses relevant IT governance and security frameworks/standards used in IT assurance and security to propose an integrated framework for ensuring effective PCI DSS implementation. Merchants dealing with credit cards have to comply with the Payment Card Industry Data Security Standards (PCI DSS) or face penalties for non-compliance. With more transactions based on credit cards, merchants are finding it costly and increasingly difficult to implement and interpret the PCI standard. One of the top reasons cited for merchants to fail PCI audit, and a leading factor in data theft, is the failure to adequately protect stored cardholder data. Although implementation of the PCI DSS is not a guarantee for perfect protection, effective implementation of the PCI standards can be ensured through the divergence of the PCI standard into wider information security governance to provide a comprehensive overview of information security based not only on security but also security audit and control. The contribution of this paper is the development of an integrated comprehensive security governance framework for ‘information security’ (rather than data protection) incorporating Control Objectives for Information and related Technology (COBIT), Information Technology Infrastructure Library (ITIL) and ISO 27002.

The Privacy Journal (2003), a print newsletter and Web site devoted to privacy matters, defines the present-day use of the word privacy as “the right of individuals to control the collection and use of personal information about themselves.” Similar definitions are provided by law specialists (Gavison, 1980; Warren & Brandies, 1890). The networked society changes the way in which privacy rights are defined, used and interpreted, because: a. The IT-enabled channels of communication change the rules of personal and commercial interaction; b. The participation in the networked society implies a diminishing of individual privacy rights. The fundamental principle of the networked society is information sharing and processing (Kling & Allen, 1996). Advances in computing technology—that represents the infrastructure of the networked society—make possible to collect, store, analyze, and retrieve personal information created in the process of participation. The manifestation and the protection of individual privacy rights represent the field of conflict between various disciplines and social events. The heterogeneous nature of this phenomenon is mirrored in this paper, which aims to present the complex nature of privacy rights in the context of the networked society. The study proposes a negotiating model of online privacy rights, and analyses the necessary conditions for the implementation of this model on the Internet. The new economy is redefined on the basis of information entrepreneurism (Kling & Allen, 1996; Zwick & Dholakia, 1999). This cultural paradigm emphasizes the use of data-intensive analysis techniques for designing and implementing effective marketing and management strategies. This has as a direct consequence the use of an information superpanopticon–a concept derived from Foucault’s panopticon, a system of perfect surveillance and control. Online privacy is a major concern for Internet users (Ackerman, Cranor, & Reagle, 1999). For the individual Internet user, the privacy threats fall into two main categories: a. Web tracking devices that collect information about the online behavior of the user (e.g., cookies); b. The misuse of the personal information provided by the online user in exchange of specific benefits: increased personalization, Web group membership, etc. The databases, intelligent agents and tracking devices are surrounding the Internet users with a Web of surveillance, which is often hidden and unknown to the users. The surveillance is initiated by the simple act of presence on the Internet. Specialized software applications, such as cookies are tracking the online behavior of Internet users, feeding the data into databases, which create and permanently update a profile of online consumers. These profiles are then used for segmenting the market and targeting the most profitable consumers. A company can use cookies for various valid reasons: security, personalization, marketing, customer service, etc., however, there is an important distinction between cookies, which are active only within a specific Web site, and the ones that can track the user’s activity across unrelated Web sites. Recently, some aggregator networks have deployed hidden ‘pixel beacon’ technology that allows ad-serving companies to connect unrelated sites and overcome the site-specific nature of traditional cookies (Mabley, 2000). Additionally, some companies are now connecting this aggregated data with offline demographic and credit card data. Eventually, these resulting databases can be used or sold as powerful marketing tools. Exercising control of information, after it was voluntarily released, presents another critical problem. The misuse of personal information covers many possible aspects, which can be defined as any use which is not explicitly defined in the company’s privacy disclaimer, or which is not approved by the informed customer. For example, in 2000, Toysurus.com was subject to intense debate and controversy, when it was discovered that shoppers’ personal information was transferred through an unmarked Internet channel to a data processing firm, for analysis and aggregation. This operation was not disclosed in the company’s privacy disclaimer, and therefore, online customers were not aware of it. Regulators and legislators have addressed the controversial privacy issue quite differently across the world (Nakra, 2001). The USA, the largest world’s financial and Internet market, has not yet adopted a national, standard-setting privacy law (Jarvis, 2001). U.S. privacy statutes have primarily focused so far on protecting consumers’ financial data, health information, and children’s personal information (Desai, Richards, & Desai, 2003; Frye, 2001). In comparison with the American official opinion that online privacy protection is a matter of voluntary self-regulation by market-driven companies, the Europeans consider that it is more effective to enforce specific legislation regarding this issue. The current European approach is based on three basic tenets: 1. Individuals have the right to access any data relating to them and have it kept accurate and up-to-date; 2. Data cannot be retained for longer than the purpose for which it was obtained, nor used or disclosed “in a matter incompatible with that purpose”, and must be kept only for “lawful purposes”; 3. Those who control data have “a special duty of care” in relation to the individuals whose data they keep. Data commissioners oversee these rights in each European country and require most “data controllers”—people who handle data—to register with them to track what information is being collected and where. They are charged also with investigating all complaints from citizens. These principles have been incorporated in the European Data Directive, which came into effect in 1998, and more recently, in the European Directive on Privacy and Electronic Communications, adopted in 2002. Despite these legislative efforts, it is not yet clear how effective are the measures implemented by EU States. The direct involvement of governmental institutions can be considered as a form of censorship that can undermine the freedom and the flexibility of the Internet domain.