Cable cut slows down the communications

Three cables under the Mediterranean Sea which link Europe to West Asia have been damaged, causing partial slowdown in India’s Internet and telecom traffic.

Experts said outsourcing traffic and Internet speed were affected yesterday. However, most BPO firms and individual Internet connections are working at normal speed today.

Most of India’s Net traffic is routed through the US and consequently the Pacific link is more important for India than the Mediterranean link, they said.

An IPLC is a point-to-point private line used by an organisation to communicate among its offices across the world.

“Today being a Saturday, we may not feel the full impact of the cuts. Moreover, given the global slowdown, most companies themselves are working fewer hours, and, hence, the impact may be lower,” said Rajesh Chharia, the president of the Internet Service Providers Association of India.

Repair teams are on the job and have diverted most of the traffic through the US, but if the three undersea cables, Sea Me We 4 (SMW-4), Sea Me We 3 (SMW-3) and FLAG, are not completely restored by the weekend, companies could face problems next week.

Internet traffic “from Mumbai to London has now been re-routed via Hong Kong which may lead to congestion and increased latency on this route”, Reliance said in an e-mailed “traffic disruption update”. A Reliance spokesperson added: “Most services are working normally now.” The company said it would publish another update on its website tomorrow.

SMW-3 and SMW-4 are owned by groups of phone companies, including Bharti Airtel, while FLAG is owned by Reliance Globalcom — part of the Anil Ambani-owned Reliance Communications.

The causes of the cut — located in the Mediterranean between Sicily and Tunisia on sections linking Sicily to Egypt — remain unclear.

Chharia expressed surprise at “the regularity with which these cuts have been happening”. Earlier this year, SMW4 and FLAG were damaged near Alexandria off the coast of Egypt.

In 2006, an earthquake with its epicentre near Taiwan had severed several undersea cables.

Submarine cables are laid beneath the sea to carry telephone and Internet traffic. They can be broken or damaged by fishing trawlers, anchoring, undersea avalanches and even shark bites.

Microsoft to release the patch for the IE vulnerability

A FLAW has emerged in Microsoft’s Internet Explorer web browser software which allows hackers to steal information from people’s PCs if they visit certain websites.

Computer security experts only became aware of the issue when websites cropped up that were exploiting the flaw to steal user accounts for online gaming, which can then be sold on. Security problems such as this, which are discovered by hackers before the makers of the software, are known as “zero day exploits”.

Chinese websites were initially compromised but last night Brian Honan of the Irish Reporting and Information Security Service, said that about 10,000 sites had been infected worldwide.

Microsoft yesterday issued a statement advising its customers to “follow simple safety guidelines”, including ensuring their software is fully updated and that they have current security software installed and switched on. It advised consumers worried about how to protect their PC to read the advice at www.microsoft.com/protect.

Last night Microsoft announced it would release an update today which it is believed will address the problem.

Microsoft’s investigation has shown the attacks are targeting customers using Internet Explorer 7, but it said the vulnerability affects all versions of Internet Explorer.

Some security experts advised people to switch to a different web browser, such as Mozilla Firefox or Apple’s Safari, until a solution for the problem was developed by Microsoft. Irish security experts suggested this was not an option for most internet users.

“If people were to change their browser every time a vulnerability was discovered they would be constantly changing,” said Colm McDonnell, a security expert with Deloitte. He advised people to change their Internet Explorer security settings to High until they install the patch which is being issued.

Microsoft to release the patch for the IE vulnerability

A FLAW has emerged in Microsoft’s Internet Explorer web browser software which allows hackers to steal information from people’s PCs if they visit certain websites.

Computer security experts only became aware of the issue when websites cropped up that were exploiting the flaw to steal user accounts for online gaming, which can then be sold on. Security problems such as this, which are discovered by hackers before the makers of the software, are known as “zero day exploits”.

Chinese websites were initially compromised but last night Brian Honan of the Irish Reporting and Information Security Service, said that about 10,000 sites had been infected worldwide.

Microsoft yesterday issued a statement advising its customers to “follow simple safety guidelines”, including ensuring their software is fully updated and that they have current security software installed and switched on. It advised consumers worried about how to protect their PC to read the advice at www.microsoft.com/protect.

Last night Microsoft announced it would release an update today which it is believed will address the problem.

Microsoft’s investigation has shown the attacks are targeting customers using Internet Explorer 7, but it said the vulnerability affects all versions of Internet Explorer.

Some security experts advised people to switch to a different web browser, such as Mozilla Firefox or Apple’s Safari, until a solution for the problem was developed by Microsoft. Irish security experts suggested this was not an option for most internet users.

“If people were to change their browser every time a vulnerability was discovered they would be constantly changing,” said Colm McDonnell, a security expert with Deloitte. He advised people to change their Internet Explorer security settings to High until they install the patch which is being issued.

The Payment Card Process

When a payment happens using a payment card (debit/credit) a verification process happens at the background which will decide whether to approve or reject the transacation. When a customer pays for products or services with a credit card, the card information is recorded—either by manual entry, a card imprinter, point-of-sale (POS) terminal, or virtual terminal—and then verified so that the merchant can receive payment for the transaction.

This process involves the following parties:

• Cardholder: the owner of the card used to make a purchase
• Merchant: the business accepting credit card payments for products or services sold to the cardholder
• Acquirer: the financial institution or other organization that provides card processing services to the merchant
• Card association: a network such as VISA® or MasterCard® (and others) that acts as a gateway between the acquirer and issuer for authorizing and funding transactions
• Issuer: the financial institution or other organization that issued the credit card to the cardholder

The flow of information and money between these parties—always through the card associations—is known as the interchange, and it consists of a few steps:

1. Authorization: The cardholder pays for the purchase and the merchant submits the transaction to the acquirer. The acquirer verifies with the issuer—almost instantly—that the card number and transaction amount are both valid, and then processes the transaction for the cardholder.
2. Batching: After the transaction is authorized it is then stored in a batch, which the merchant sends to the acquirer later to receive payment (usually at the end of the day).
3. Clearing and settlement: The acquirer sends the transactions in the batch through the card association, which debits the issuers for payment and credits the acquirer. In effect, the issuers pay the acquirer for the transactions.
4. Funding: Once the acquirer has been paid, the merchant receives payment. The amount the merchant receives is equal to the transaction amount minus the discount rate, which is the fee the merchant pays the acquirer for processing the transaction.

The above text is extracted from the Bank of America website and the URL is given below.

http://www.bankofamerica.com/small_business/merchant_card_processing/index.cfm?template=card_processing_basics#cardprocessing

PCI DSS History

PCI DSS originally began as five different security programs by five different card companies:

• Visa Card Information Security Program (CISP)
• MasterCard Site Data Protection
• American Express Data Security Operating Policy
• Discover Information and Compliance
• JCB Data Security Program

Each of these companies intended to create an additional level of protection to customers, hence ensuring that merchants meet minimum levels of security when they store, process and transmit cardholder data. The Payment Card Industry Security Standards Council was formed, and on the 15 December 2004, these companies aligned their individual policies and created Payment Card Industry Data Security Standard (PCI-DSS) version 1.0.

In September 2006 , the PCI standard was updated to version 1.1 to provide clarification and minor revisions to version 1.0. In October 2008, the PCI DSS version 1.2 is released and provided clarity on some of the debated requirements.

VISA and MasterCard plays a key role in promoting and enforcing the PCI DSS across the industry.

• MasterCard is responsible for certifying products and companies capable of fulfilling the Scanning requirements
  • These are often referred to as SDP Certified products and/or companies
• Visa is responsible for training and certifying companies and individuals capable of fulfilling the Onsite Audit
  requirements
  • Such companies are called QSAs (Qualified Security Assessors) and the individuals are called QSAPs (Qualified Security Assessor Personnel)
• The other PCI organisations are contributors to the standards