Your Subtitle text
Security Bit by Bit, LLC
Home Page
In security, common sense is not an optional extra
Secure Payment systems are the holy grail, but secure data and collaboration is equally valuable, and critical.
Ease of use too often compromises the integrity of systems which we really cannot afford to have fail.
A positive and supportive work environment is a security asset.
Oppressive conditions increase resistance, carelessness and non-compliance.
Security is NOT someone else's problem.
Secure Payment systems are the holy grail, but secure data and collaboration is equally valuable, and critical.
Ease of use too often compromises the integrity of systems which we really cannot afford to have fail.
A positive and supportive work environment is a security asset.
Oppressive conditions increase resistance, carelessness and non-compliance.
Security is NOT someone else's problem.
Security and integrity of transactions - money or data - is a must
We are our own worst enemies
Usernames and passwords on yellow Post-It® notes on the monitor are a vulnerability
Complacency is the problem
Giving out that username and password on the phone endangers everyoneSecurity is not a given
To the bank it is a statistic, to you, it's your moneyThere are no silver bullets
Anti-virus, a firewall, or any single thing, do not security systems make
Just a lot of little things
Compliance is a necessary but not sufficient condition for security
Common sense measures
The more practical the measures, the better the security practice
Technologies & Behaviors
Not a thing, but a system, made up of people, software, hardware
Together mitigate the risks we share
Reasonable risk profiles and trade-offs build practical security systems
In a connected world
Collaboration is the power of the net, and the leverage for many a security breach!
Good security is built bit by bit!
systems
design, anti-virus, systems maintenance, spam filtering, observe security policy,
network, intrusion detection, firewalls, systems design, collaboration, simplicity, firewall, systems updates, application updates, follow the news, don't ignore the symptoms, ask for help, use common sense, prevent key logging, get a second opinion malware scan, beware of USB sticks and data theft, complexity is vulnerability, scan weekly, have endpoint security, smart phone security, authentication, guard your payment credentials, user names and paswords, business continuitiy, disaster recovery, backups, backups, and backups, web filtering, identity management
Payment by push or by pull, that's the question!
Collaboration systems spanning across space and time are the soul of the Internet. Secure payment is the killer application. Many security technologies have their origins in the protections needed for commercial transactions and payment over distances. Apart from speed, and greater invisibility, nothing has changed since days of the mail coach, or the challenges of long distance trade and transactions in the ancient world, and security systems still follow the same concepts.If security is the greatest challenge in the online world, superior payment systems are the number one payoff from effective security solutions, as secure payment is absolutely material to any long distance business transaction. Without payment integrity, value creation online is forever limited. Current systems are self-defeating because abuse of the protections needed to make them work become the basis of many frauds and security breaches, and drive up transaction costs in the long run.
Almost all current payment systems follow the legacy model of checks, and have the same vulnerabilities: the merchant is authorized to PULL funds from the account of the customer/payor. Such payment by pull flies in the face of real time transactions, as it must of necessity offer the protection of repudiation, and revocation. Only if we change the direction, and allow payment by PUSH only, can we achieve non-repudiable real time settlement, that is as irrevocable as cash, and suddenly meaningful real time transactions can be accomplished. Security gains immeasurably for payment by push obviates the need to have the payor's credentials reside on the servers with the merchants, where they are a target for electronic break-ins, identity theft and they become major security risks and liabilities.
The PinPay payment network offers great simplicity and therefore security by design, which reduces risk for both merchants and users. As a user it means that I only pay when I want to pay, and that I do not have to give out my credentials, as a merchant it means that I no longer have the liability associated with having the payment credentials of my customers on file, nor is there a payment processor who has to handle those transactions and increases the risk of abuse even further. In this case, simplifying the transaction process reduces security risks, and produces as safer payment model. This is security by design.
Secure collaboration must integrate secure payment systems, so transactions can be consummated, to think of collaboration without considering payment is nearly pointless. We are only at the beginning. Likewise effective collaboration depends on verifiable credentials, on authentication, which in turn leads to a virtuous circle, because it enables secure payments.
