Methods and systems for performing security risk assessments of internet merchant entities
Abstract
Methods and systems are provided for assessing a security risk for a merchant entity having connectivity to a shared network. Information describing characteristics of the merchant entity is received from the merchant entity. A determination is made as to which test requirements of a security test scheme are to be used in assessing the security risk for the merchant entity. The security test scheme includes a set of test requirements whose satisfaction by the merchant entity is sufficient to ensure compliance with multiple sets of security requirements defined by multiple payment-processing organizations. The security test scheme is executed with a security compliance authority server in accordance with the determined test requirements.
21 Claims
1. A method for implementing a security risk assessment for a merchant entity having connectivity to a shared network, the method comprising:
receiving at a host computer system including a processor, from each of a plurality of payment-processing organizations, a set of security requirements defining protocols for implementing commercial transactions over the shared network using instruments identified with the payment-processing organization;
developing, with the processor at the host computer system, a security test scheme having a set of test requirements whose satisfaction by the merchant entity is sufficient to ensure compliance with the sets of security requirements defined by each of the plurality of payment-processing organizations;
performing a remote scan of a network site maintained by the merchant entity on the shared network in support of shared-network commercial transactions with a security compliance authority server by the host computer system, the remote scan implementing at least a subset of the set of test requirements to evaluate compliance by the merchant entity; and
transmitting a questionnaire from the host computer system to the merchant entity with the security compliance authority server, the questionnaire including queries whose truthful response identifies a level of compliance with at least some of the test requirements.
Dependent claims: 2 to 10.
11. A method for assessing a security risk for a merchant entity having connectivity to a shared network, the method comprising:
receiving information, at a host computer system including a processor, describing characteristics of the merchant entity from the merchant entity;
determining at the host computer system using the processor which test requirements of a security test scheme to use in assessing the security risk for the merchant entity, wherein the security test scheme includes a set of test requirements whose satisfaction by the merchant entity is sufficient to ensure compliance with a plurality of sets of security requirements defined by a plurality of payment-processing organizations; and
executing the security test scheme with a security compliance authority server in accordance with the determined test requirements, wherein executing the security test scheme comprises transmitting a questionnaire from the host computer system to the merchant entity with the security compliance authority server, the questionnaire including queries whose truthful response identifies a level of compliance with at least some of the test requirements.
Dependent claims: 12 to 18.
19. A non-transitory computer-readable storage medium having a computer-readable program embodied therein for directing operation of a security compliance authority server including a communications system, a processor, and a storage device, wherein the computer-readable program includes instructions for operating the security compliance authority server to assess a security risk for a merchant entity having connectivity to a shared network in accordance with the following:
receiving, with the communications system, information describing characteristics of the merchant entity;
determining, with the processor, which test requirements of a security test scheme to use in assessing the security risk for the merchant entity, wherein the security test scheme is stored on the storage device and includes a set of test requirements whose satisfaction by the merchant entity is sufficient to ensure compliance with a plurality of sets of security requirements defined by a plurality of payment-processing organizations; and
executing, with the processor, the security test scheme in accordance with the determined test requirements, wherein executing the security test scheme comprises transmitting a questionnaire from the host computer system to the merchant entity with the security compliance authority server, the questionnaire including queries whose truthful response identifies a level of compliance with at least some of the test requirements.
Dependent claims: 20 and 21.
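The following is an added example, not code from the patent or its assignee. It models the steps shared by claims 1, 11 and 19: a unified test scheme is developed as the union of the tests behind every organization's requirements, the applicable tests are selected from the merchant's characteristics, the scheme is executed from remote-scan findings and questionnaire answers, and a per-organization compliance level is derived. All organization names, requirement identifiers and test identifiers are constructed for the example.

```python
# Added example (not the patent's code): a model of the claimed security test
# scheme. Each requirement of a payment-processing organization is demonstrated
# by one or more test requirements (remote-scan checks or questionnaire queries);
# the unified scheme is their union. All names and IDs below are constructed.

# Constructed: requirement -> tests that together demonstrate it.
REQUIREMENT_TESTS = {
    "no-default-passwords": {"scan:default-creds", "q:password-policy"},
    "encrypt-stored-card-data": {"q:storage-encryption"},
    "patched-web-server": {"scan:outdated-services"},
    "firewall-in-place": {"scan:open-ports", "q:firewall-config"},
}
# Constructed: each organization's set of security requirements.
ORG_REQUIREMENTS = {
    "OrgA": {"no-default-passwords", "encrypt-stored-card-data"},
    "OrgB": {"no-default-passwords", "patched-web-server", "firewall-in-place"},
}
# Constructed: tests that apply only to merchants with a given characteristic.
TEST_CONDITIONS = {"q:storage-encryption": "stores_card_data"}

def develop_test_scheme(org_requirements):
    """Union of all tests needed to cover every organization's requirements."""
    scheme = set()
    for requirements in org_requirements.values():
        for requirement in requirements:
            scheme |= REQUIREMENT_TESTS[requirement]
    return scheme

def select_tests(scheme, merchant):
    """Keep only tests whose precondition the merchant's characteristics meet."""
    return {t for t in scheme
            if TEST_CONDITIONS.get(t) is None or merchant.get(TEST_CONDITIONS[t], False)}

def execute_scheme(applicable, scan_findings, answers):
    """A scan test passes when the scan reported no finding for it; a questionnaire
    test passes when the merchant's (truthful) answer to the query is 'yes'."""
    return {t: (t not in scan_findings) if t.startswith("scan:") else answers.get(t) == "yes"
            for t in applicable}

def compliance_by_org(org_requirements, applicable, results):
    """Compliant iff every applicable test behind each of the organization's
    requirements passed; a requirement with no applicable test is vacuously met."""
    report = {}
    for org, requirements in org_requirements.items():
        failed = sorted(t for r in requirements for t in REQUIREMENT_TESTS[r] & applicable
                        if not results[t])
        report[org] = {"compliant": not failed, "failed_tests": failed}
    return report
```

Because the scheme is the union of every organization's tests, one scan and one questionnaire pass yields a compliance verdict for each organization without re-running its requirements separately.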
Specification