With the start of loyalty programs, it became possible to accumulate discounts provided by sellers in the form of bonuses and pay for purchases with them. Employees who process loyalty program data are tempted to use their access rights for illegal actions. Dmitry Yudin, Business Development Director of Oracle CIS, and Sergey Petrakov, Head of Information Security Service of TPK JSC, a specialized operator for processing plastic cards in the corporate and retail fuel market, explain why those tasked with data protection should focus not on looking for fraudsters in their own team and eliminating the consequences of fraud, but on taking preventive measures to protect data in information systems, and how the tools built into the database can eliminate the possibility of fraud before it occurs.
Why loyalty program data has become the object of interest for scammers
In "analog" times, the scale of fraud in any industry depended on the volume of cash flow and the level of security. Today, new dimensions have been added to this picture. Significant amounts of moving funds continue to attract potential attackers. However, now that all industries are moving to the exchange of digital data, accessing this data by digital means has become more attractive to fraudsters: it can be done quickly, remotely and covertly, that is, relatively safely for the attacker.
“Digitalization of fuel retail covers, among other things, loyalty programs for individuals,” comments Sergey Petrakov, “as well as corporate fuel programs, the participants of which are legal entities that have entered into contracts for the supply and sale of petroleum products. In both programs, the end user makes settlements at the gas station using the appropriate plastic cards or other digital entities replacing cards (QR code, barcode, token, etc.). The volume of funds passing through the corporate fuel program is significantly larger for a separate purchase, but the number of participants in loyalty programs is much higher. Frauds occur in all programs, but loyalty programs are becoming especially attractive to cybercriminals due to the growing volume of moving vehicles, a high level of use of modern digital technologies, and the possibility of using so-called social engineering technologies on program participants. For corporate programs, the capabilities of an attacker are limited by the contractual nature of interaction between legal entities, and the real goal of a fraudster may be the task of cashing out funds at a gas station or influencing data in an information system, which will allow, for example, a dummy legal entity to illegally obtain fuel by cards.”
Oracle
Oracle Advanced Security Transparent Data Encryption (TDE).
Oracle Database Vault.
The use of Oracle tools and the distribution of roles between security teams and administrators made it possible for TPK not to investigate cases of unauthorized changes after the alleged fraud had already occurred, but to prevent the very possibility of such cases. At the same time, the security tools are not an add-on on top of Oracle databases but an integral part of the software package. This makes it possible to maintain maximum fault tolerance and eliminate downtime when problems arise.