* *
* * *
* * *
*
* Home > Case Studies > Security > Protecting Online Credit Card use *
*
* * *
*

Case Studies - Security

Protecting Online Credit Card use
Office Security and customer confidence are paramount for Barclaycard when it comes to online services, thats why they chose QinetiQ to independently audit their systems and perform detailed Security Health Checks.
*

Background

As an increasing number of users use online services for credit card payment and management there are many who have concerns over the security of these interactions.

Trends show an increasing threat to online organisations from hackers who target companies where they see opportunity to disrupt the smooth operation of their business. This means an increasing exposure to fraud.

Barclaycard is Europes leading issuer of credit cards with 10.4 million customers and 12 million cards in circulation worldwide. Barclaycard can be used to pay for goods and services in more than 22 million places in over 200 countries and to withdraw cash from over 600,000 places worldwide. Barclaycard was the first and is the UKs leading card services provider on the Internet and has in excess of a million customers who regularly use Barclaycards online services.

Key Benefits

  • Senior management and customers have increased assurance on the secure nature of all Barclaycard online services
  • The Barclaycard IT team save development time and possible exposure time


Challenge

Considerable effort has been devoted to building and developing the banks secure on line systems but Barclaycard did not want to become complacent. Any breach of the security could have significant impact financially and also on the Barclaycard Brand.

Barclaycard took the decision to pro-actively explore the opportunity for independent security audit services to better protect the users and the company from risk. The specific requirement was to validate the security of any new or altered architecture before general public release as Steve Marshall, Security Architect explains, 'We continually assess the level of threat to our online services and strive to improve the services we offer. Being secure one day does not mean that you will be the next. The systems and software we rely on are constantly changing, as are the techniques potential hackers use to try and gain access, constant vigilance is the watchword.'
*
Barclays 'A key benefit of the Security Health Check service that's provided by QinetiQ is their informed, independent views and judgements.' Steve Marshall, Security Architect, Barclaycard
*

Solution

QinetiQ was approached by Barclaycard to provide the Security Health Check service to regularly assess the threat to the online services. With a heritage spanning a decade of providing such services to numerous financial and government organisations, QinetiQ were ideally placed to meet their stringent requirements.

QinetiQ were able to work alongside Barclaycard to define and deliver a solution that helps Barclaycard protect their interests against evolving threats. 'The service we provide is tailored to meet the specific requirements of Barclaycard. Our depth of capability allows us to respond quickly to the requirements of the customer and ensure that, in partnership, we collectively protect the interests of the bank.' commented Shane Slater, QinetiQ Sales Director.

QinetiQ provided additional education and support to a number of areas of Barclaycard and has continued to work closely with the inhouse team to highlight and implement practical solutions that continue to protect Barclaycards systems.

Results

A principal benefit of the Security Health Check is that it provides an independent audit of the online services provided by Barclaycard. As it evaluates the developments before going online and provides feedback on any potential vulnerability, the development team is able to focus their time and energy to fixing any issues before making the system live. This helps them to pro-actively manage the risk and threats to the service and supports in the efforts to protect the brand value of Barclaycard.

'A key benefit of the Security Health Check service thats provided by QinetiQ thats provided by QinetiQ is their informed, independent views and judgements. That the systems continue to be secure is very important to our customers and senior management.' added Marshall.


QinetiQ Solutions

Security Health Check

QinetiQs Security Health Check team offers unrivalled capability in the field of vunerability and threat assessment.

There are 5 key focus areas:

  • Internal Penetration Testing
  • External Penetration Testing
  • Application Penetration Testing
  • Telecommunications Penetration Testing
  • Physical Penetration Testing


The QinetiQ Security practice is one of the largest in Europe with over 200 security consultants constantly keeping abreast of the security marketplace. QinetiQ through its research activities, strives to stay ahead of the curve in the field of vulnerability testing.

The Security Health Check team is one of the largest CESG (CHECK) teams in Europe, with over 50% of the active testing team having passed full accreditation. CHECK is the only internationally recognised accreditation for this type of work in the world.

As a bespoke service to clients, the team would evaluate and agree the process to best deliver the needs of an individual company and reporting would be comprehensive and confidential.
*
Related sections
> QinetiQ Security
Supporting information
> Download Case Study [PDF]
Back to top Back to top
*
* * *
*
*
*   *