Assignment Week 9 – BD308 – Hilma Aulia – 2581494366

Nama: Hilma Aulia Daffa 
NIM: 2551494366

Pertanyaan:

  1. What is the primary goal of PCI DSS?
  2. How does an SSL/TLS certificate help secure an e-commerce transaction? How can a user verify a site has one?
  3. Why is it generally more secure for a small digital business to use a trusted payment gateway instead of processing and storing credit card details itself?

Jawaban:

1.Basically, the whole point of PCI DSS (Payment Card Industry Data Security Standard) is just to make sure that any environment used for handling credit card info—whether we’re talking about storing, processing, or just sending it—is actually secure. It’s not just a suggestion; it acts as a baseline for technical and operational rules that every organization dealing with branded cards has to follow.

The idea here is to protect cardholder data from getting leaked and, by extension, cut down on credit card fraud. To do that, the standard mandates some pretty strict security controls. Essentially, if a company handles card info, they’re required to have these safeguards in place so that the data doesn’t end up in the wrong hands.

2.When we talk about online security, the first thing that usually comes to mind—or at least what we see every day—is the SSL/TLS certificate. Basically, its main job is to create a secure, encrypted “tunnel” between our browser and the server we’re visiting.

Think of it as a way to scramble sensitive info, like your passwords or credit card details, into something unreadable. So, even if someone tries to snoop or intercept the data while it’s traveling through the web, they won’t be able to make sense of it. It’s less about stopping the data from being sent and more about making sure only the right person can actually read it.

As a user, you don’t really need to be a tech expert to know if a site is actually using one. There are a few quick “tells” you can look for:

First off, just glance at the URL bar. A secure site will always start with https://—the “s” at the end literally stands for secure. If it’s just http, you probably shouldn’t be entering any personal info there. Most modern browsers also make this even easier by showing a small padlock icon right next to the address.

If you’re feeling a bit more curious (or suspicious), you can actually click that padlock. It opens up a menu where you can dig into the certificate details. You’ll see things like who issued the certificate, how long it’s valid for, and exactly which organization owns the site. It’s a good habit to have, especially before you hit “buy” on a site you’ve never used before.

3.Actually, the main reason this approach is safer is that it shifts the whole “security headache” to people who actually specialize in it. If a small business tries to handle and store credit card details themselves, they’re hit with these incredibly strict PCI DSS compliance rules. Honestly, maintaining that kind of infrastructure and paying for constant security audits is just way too expensive and complicated for most.

By plugging into a trusted gateway—think Stripe or PayPal—the business basically keeps its hands clean. They never actually see or “touch” the raw card data. Instead, the gateway handles everything through tokenization on their own secure servers. So, even if the business’s site gets hacked, there’s no sensitive data sitting in their local database for anyone to steal in the first place. It basically removes the target from their back.

 

 

Previous Post Previous Post
Newer Post Newer Post

Leave a comment