Cyber Security (BD308) – Assignment Week 9 – Syafira Aulia

Module Question 9

 

1. What is the primary goal of PCI DSS?

Answer :

The primary goal of the Payment Card Industry Data Security Standard (PCI DSS) is to protect cardholder data and reduce credit card fraud by implementing a set of strict security controls. It ensures that any business that accepts, processes, stores, or transmits credit card information maintains a secure environment. By following these standards, a business minimizes the risk of a data breach, which protects not only the customers’ financial information but also the company’s reputation and legal standing.

2. How does an SSL/TLS certificate help secure an e-commerce transaction? How can a user verify a site has one?

Answer :

An SSL/TLS certificate secures e-commerce transactions by creating an encrypted link between the user’s web browser and the store’s server. This ensures that sensitive data, such as login credentials or credit card numbers, cannot be intercepted or read by hackers during transit. A user can verify that a site has an active certificate by looking for a padlock icon in the browser’s address bar and checking if the URL begins with “https://” (where the “s” stands for secure). Clicking on the padlock allows the user to view the certificate’s validity and the issuing authority.

3. Why is it generally more secure for a small digital business to use a trusted payment gateway instead of processing and storing credit card details itself?

Answer :

For a small digital business, using a trusted payment gateway (like Midtrans or Stripe) is more secure because it shifts the burden of sensitive data handling to a specialized provider. These gateways have the high-level security infrastructure and PCI DSS compliance that small businesses often lack. Instead of storing actual credit card details on its own servers, which would make the business a prime target for hackers, the business uses Tokenization. This means the sensitive data is replaced with a unique “token,” so even if the business’s database is compromised, the hackers gain no usable financial information.

Status: 100% terpenuhi.

Keterangan: sudah mengerjakan tugas dengan baik dan benar.

Previous Post Previous Post
Newer Post Newer Post

Leave a comment