What is REST?

REST stands for Representational State Transfer. (It is sometimes spelled "ReST".) It relies on a stateless, client-server, cacheable communications protocol -- and in virtually all cases, the HTTP protocol is used.

Secure Transactions with EMV chips: goodbye magnetic stripes


EMV -- which stands for Europay, MasterCard and Visa -- is a global standard for cards equipped with computer chips and the technology used to authenticate chip-card transactions. In the wake of numerous large-scale data breaches and increasing rates of counterfeit card fraud, U.S. card issuers are migrating to this new technology to protect consumers and reduce the costs of fraud.
"These new and improved cards are being deployed to improve payment security, making it more difficult for fraudsters to successfully counterfeit cards," says Julie Conroy, research director for retail banking at Aite Group, a financial industry research company. "It's an important step forward."
For merchants and financial institutions, the switch to EMV means adding new in-store technology and internal processing systems, and complying with new liability rules. For consumers, it means activating new cards and learning new payment processes.
Most of all, it means greater protection against fraud.
Want to know more about the transition and your new EMV chip-equipped credit card? Here are eight frequently asked questions to help you understand the changes.
1. Why are EMV cards more secure than traditional cards?
It's that small, metallic square you'll see on new cards. That's a computer chip, and it's what sets apart the new generation of cards.
The magnetic stripes on traditional credit and debit cards store unchanging data. Whoever accesses that data gains the sensitive card and cardholder information necessary to make purchases. That makes traditional cards prime targets for counterfeiters, who convert stolen card data to cash.

"If someone copies a mag stripe, they can easily replicate that data over and over again because it doesn't change," says Dave Witts, president of U.S. payment systems for Creditcall, a payment gateway and EMV software developer.
Unlike magnetic-stripe cards, every time an EMV card is used for payment, the card chip creates a unique transaction code that cannot be used again.
If a hacker stole the chip information from one specific point of sale, typical card duplication would never work "because the stolen transaction number created in that instance wouldn't be usable again and the card would just get denied," Witts says.
EMV technology will not prevent data breaches from occurring, but it will make it much harder for criminals to successfully profit from what they steal.
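The one-time transaction code described above, modelled as an added example (not code from the article or from any card scheme). HMAC-SHA256 over a per-card counter stands in for the real EMV cryptogram, and the card number, class names and decline messages are constructed for illustration.

```python
import hashlib
import hmac
import os

def _code(key, tx):
    # Stand-in for the chip's cryptogram: HMAC-SHA256, not the EMV algorithm.
    msg = f'{tx["pan"]}|{tx["atc"]}|{tx["amount"]}|'.encode() + tx["nonce"]
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class ChipCard:  # toy chip: the key stays on the card, the counter rises per use
    def __init__(self, pan, key):
        self.pan, self._key, self._atc = pan, key, 0

    def pay(self, amount, nonce):
        self._atc += 1  # new counter value, so a new one-time code
        tx = {"pan": self.pan, "atc": self._atc, "amount": amount, "nonce": nonce}
        return {**tx, "code": _code(self._key, tx)}

class Issuer:  # holds each card's key and the highest counter already accepted
    def __init__(self):
        self._keys, self._seen = {}, {}

    def issue(self, pan):
        self._keys[pan], self._seen[pan] = os.urandom(32), 0
        return ChipCard(pan, self._keys[pan])

    def check_stripe(self, track_data):
        return track_data in self._keys  # static data: passes every time

    def check_chip(self, tx):
        key = self._keys.get(tx["pan"])
        if key is None:
            return "declined: unknown card"
        if not hmac.compare_digest(_code(key, tx), tx["code"]):
            return "declined: code does not match"
        if tx["atc"] <= self._seen[tx["pan"]]:
            return "declined: code already used"
        self._seen[tx["pan"]] = tx["atc"]
        return "approved"

def demo():
    issuer, pan = Issuer(), "4000000000000002"  # constructed card number
    card = issuer.issue(pan)
    tx = card.pay(1999, os.urandom(4))  # the terminal supplies a random nonce
    return {"first": issuer.check_chip(tx), "replay": issuer.check_chip(tx),
            "altered": issuer.check_chip({**tx, "amount": 99999}),
            "next": issuer.check_chip(card.pay(500, os.urandom(4))),
            "stripe_copies": [issuer.check_stripe(pan), issuer.check_stripe(pan)]}
```

`demo()` presents the same captured chip message twice: the first is approved and the copy is declined, while the copied stripe data is accepted both times.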
Experts hope it will help significantly reduce fraud in the U.S., which has doubled in the past seven years as criminals have shied away from countries that already have transitioned to EMV cards, Conroy says.
"The introduction of dynamic data is what makes EMV cards so effective at bringing down counterfeit card rates in other countries," she says.
2. How do I use an EMV card to make a purchase?
Just like magnetic-stripe cards, EMV cards are processed for payment in two steps: card reading and transaction verification.
However, with EMV cards you no longer have to master a quick, fluid card swipe in the right direction. Chip cards are read in a different way. 
"Instead of going to a register and swiping your card, you are going to do what is called 'card dipping' instead, which means inserting your card into a terminal slot and waiting for it to process," Conroy says.
When an EMV card is dipped, data flows between the card chip and the issuing financial institution to verify the card's legitimacy and create the unique transaction data. This process isn't as quick as a magnetic-stripe swipe.
"It will take a tiny bit longer for that transmission of data to happen," Witts says. "If a person just sticks the card in and pulls it out, the transaction will likely be denied. A little bit of patience will be involved."
While chip card transactions may take a bit longer than mag stripe transactions, total card processing time will vary between merchants and eventually speed up as the new payment environment is improved.
“It will vary depending on the merchant, the equipment and the point-of-sale system,” Ferenczi said. “I think that time lag over time will be reduced for those longer transactions.”
3. Is card dipping the only option?
Not necessarily. EMV cards can also support contactless card reading, also known as near field communication.
Instead of dipping or swiping, NFC-equipped cards are tapped against a terminal scanner that can pick up the card data from the embedded computer chip.
"Contactless transactions are more consumer-friendly because you just have to tap," said Martin Ferenczi, president of Oberthur Technologies, the leading global EMV product and service provider. "Around the world, there is a move to make EMV cards dual-interface, which means contact and contactless. However, in the U.S., most financial institutions are issuing contact cards."
Dual-interface cards and the equipment needed to scan them are expensive. Right now, the first step is to successfully integrate EMV cards into the U.S. shopping scene. Dual interface will arrive later, according to Ferenczi.
“Dual-interface cards represent in excess of 40 percent of all cards issued outside the U.S. and I have no doubt that while we have a small base of 3 to 5 percent in the U.S. today, that percentage will grow significantly over the next year,” he said. “I think that we will start seeing an acceleration this year and further acceleration in 2017.”

Technology behind Facebook

Software that helps Facebook scale
In some ways Facebook is still a LAMP site (kind of), but it has had to change and extend its operation to incorporate a lot of other elements and services, and modify the approach to existing ones.
For example:
  • Facebook still uses PHP, but it has built a compiler for it so it can be turned into native code on its web servers, thus boosting performance.
  • Facebook uses Linux, but has optimized it for its own purposes (especially in terms of network throughput).
  • Facebook uses MySQL, but primarily as a key-value persistent storage, moving joins and logic onto the web servers since optimizations are easier to perform there (on the “other side” of the Memcached layer).
Then there are the custom-written systems, like Haystack, a highly scalable object store used to serve Facebook’s immense amount of photos, or Scribe, a logging system that can operate at the scale of Facebook (which is far from trivial).
But enough of that. Let’s present (some of) the software that Facebook uses to provide us all with the world’s largest social network site.
MEMCACHED
Memcached is by now one of the most famous pieces of software on the internet. It’s a distributed memory caching system which Facebook (and a ton of other sites) use as a caching layer between the web servers and MySQL servers (since database access is relatively slow). Through the years, Facebook has made a ton of optimizations to Memcached and the surrounding software (like optimizing the network stack).
Facebook runs thousands of Memcached servers with tens of terabytes of cached data at any one point in time. It is likely the world’s largest Memcached installation.
HIPHOP FOR PHP
PHP, being a scripting language, is relatively slow when compared to code that runs natively on a server. HipHop converts PHP into C++ code which can then be compiled for better performance. This has allowed Facebook to get much more out of its web servers since Facebook relies heavily on PHP to serve content.
A small team of engineers (initially just three of them) at Facebook spent 18 months developing HipHop, and it is now live in production.
HAYSTACK
Haystack is Facebook’s high-performance photo storage/retrieval system (strictly speaking, Haystack is an object store, so it doesn’t necessarily have to store photos). It has a ton of work to do; there are more than 20 billion uploaded photos on Facebook, and each one is saved in four different resolutions, resulting in more than 80 billion photos.
And it’s not just about being able to handle billions of photos; performance is critical. As we mentioned previously, Facebook serves around 1.2 million photos per second, a number which doesn’t include images served by Facebook’s CDN. That’s a staggering number.
BIGPIPE
BigPipe is a dynamic web page serving system that Facebook has developed. Facebook uses it to serve each web page in sections (called “pagelets”) for optimal performance.
For example, the chat window is retrieved separately, the news feed is retrieved separately, and so on. These pagelets can be retrieved in parallel, which is where the performance gain comes in, and it also gives users a site that works even if some part of it would be deactivated or broken.
CASSANDRA
Cassandra is a distributed storage system with no single point of failure. It’s one of the poster children for the NoSQL movement and has been made open source (it’s even become an Apache project). Facebook uses it for its Inbox search.
Other than Facebook, a number of other services use it, for example Digg. We’re even considering some uses for it here at Pingdom.
SCRIBE
Scribe is a flexible logging system that Facebook uses for a multitude of purposes internally. It’s been built to be able to handle logging at the scale of Facebook, and automatically handles new logging categories as they show up (Facebook has hundreds).
HADOOP AND HIVE
Hadoop is an open source map-reduce implementation that makes it possible to perform calculations on massive amounts of data. Facebook uses this for data analysis (and as we all know, Facebook has massive amounts of data). Hive originated from within Facebook, and makes it possible to use SQL queries against Hadoop, making it easier for non-programmers to use.
Both Hadoop and Hive are open source (Apache projects) and are used by a number of big services, for example Yahoo and Twitter.
THRIFT
Facebook uses several different languages for its different services. PHP is used for the front-end, Erlang is used for Chat, Java and C++ are also used in several places (and perhaps other languages as well). Thrift is an internally developed cross-language framework that ties all of these different languages together, making it possible for them to talk to each other. This has made it much easier for Facebook to keep up its cross-language development.
Facebook has made Thrift open source and support for even more languages has been added.
VARNISH
Varnish is an HTTP accelerator which can act as a load balancer and also cache content which can then be served lightning-fast.
Facebook uses Varnish to serve photos and profile pictures, handling billions of requests every day. Like almost everything Facebook uses, Varnish is open source.
Other things that help Facebook run smoothly
We have mentioned some of the software that makes up Facebook’s system(s) and helps the service scale properly. But handling such a large system is a complex task, so we thought we would list a few more things that Facebook does to keep its service running smoothly.

GRADUAL RELEASES AND DARK LAUNCHES

Facebook has a system called Gatekeeper that lets them run different code for different sets of users (it basically introduces different conditions in the code base). This lets Facebook do gradual releases of new features, A/B testing, activate certain features only for Facebook employees, etc.
Gatekeeper also lets Facebook do something called “dark launches”, which is to activate elements of a certain feature behind the scenes before it goes live (without users noticing since there will be no corresponding UI elements). This acts as a real-world stress test and helps expose bottlenecks and other problem areas before a feature is officially launched. Dark launches are usually done two weeks before the actual launch.
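One way to build the kind of gate described above, as an added example (not Facebook's Gatekeeper code). The `Gate` class, `handle_request`, the SHA-256 bucketing and the user records are all assumptions made for illustration.

```python
import hashlib

def bucket(gate_name, user_id):
    """Map (gate, user) to a stable bucket 0-99, identical on every web server."""
    digest = hashlib.sha256(f"{gate_name}:{user_id}".encode()).digest()
    return int.from_bytes(digest[:8], "big") % 100

class Gate:
    """Hypothetical gate: who gets a feature and whether its UI is shown yet."""
    def __init__(self, name, percent=0, employees_only=False, dark=False):
        self.name, self.percent = name, percent
        self.employees_only, self.dark = employees_only, dark

    def allows(self, user):
        if self.employees_only:
            return user["employee"]
        # Raising percent only ever adds users; nobody flips back and forth.
        return bucket(self.name, user["id"]) < self.percent

def handle_request(gate, user, log):
    """Run the gated code path for one request; return what the user sees."""
    if not gate.allows(user):
        return "old page"
    log.append((gate.name, user["id"]))  # new backend path runs under real load
    if gate.dark:
        return "old page"                # dark launch: no visible change yet
    return "new page"

def rollout_counts(percentages, n_users=10_000):
    """Count constructed, non-employee users admitted at each rollout step."""
    users = [{"id": f"user-{i}", "employee": False} for i in range(n_users)]
    return [sum(Gate("new_inbox", p).allows(u) for u in users) for p in percentages]
```

Because the bucket depends only on the gate name and user id, every server makes the same decision for a given user without shared state.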
PROFILING OF THE LIVE SYSTEM
Facebook carefully monitors its systems (something we here at Pingdom of course approve of), and interestingly enough it also monitors the performance of every single PHP function in the live production environment. This profiling of the live PHP environment is done using an open source tool called XHProf.
GRADUAL FEATURE DISABLING FOR ADDED PERFORMANCE
If Facebook runs into performance issues, there are a large number of levers that let them gradually disable less important features to boost performance of Facebook’s core features.

Eight simple things you can do to protect your business data:

Conduct a security audit.
If you don’t know what parts of your business are vulnerable or what data you have that needs to be protected, you can’t properly secure it. It is critical that you work with a professional to audit your entire IT infrastructure—computers, network, and mobile devices—to determine what you need to do to prevent hackers from accessing your network.
Make staff aware of the important role they play in security. 
Your staff are your front line of defense when it comes to security. Sure, hackers can access your network remotely and siphon off data without setting foot in your office. However, vigilant employees (consultants, partners, and vendors, too) can ensure that human error—which is a big cause of data security breaches—is minimized.
Use strong and multiple passwords.
Too many of us use simple passwords that are easy for hackers to guess. When we have complicated passwords, a simple “dictionary attack”—an attack by a hacker using an automated tool that uses a combination of dictionary words and numbers to crack passwords—can’t happen. Don’t write passwords down; commit them to memory.
Encrypt your data.
Encryption is a great security tool to use in case your data is stolen. For example, if your hard disk is stolen or you lose your USB thumb drive, whoever accesses the data won’t be able to read it if it’s encrypted.
Back up.
Security is important, but if your data is not backed up, you WILL LOSE IT. Ensure that your data is properly backed up, and test the backup to ensure that your data can be recovered when you need it.
(A One-Page Expert Guide from Ramon Ray, Editor & Technology Evangelist, Smallbiztechnology.com: 8 Tips to Protect Your Business and Secure Its Data)
Have security policies.
It’s one thing to ask employees to work securely, but you must also have clear and simple policies in place for them to follow to ensure that they are working in a secure environment. For example, insist that all notebook computers connected to the corporate network have security software. Mandate that NO security information ever be given over the phone. Policies like this and more will help ensure that your staff are doing their part to be security aware.
Protect your mobile work force. 
Your sales team of 10 years ago is probably nothing like your sales team of today. With the proliferation of the BlackBerry, iPhone, and other mobile devices, more of your staff are working away from the office—and away from the protection of your network security. They are operating “in the open” on your customers’ networks, public networks at coffee shops, or free networks in the park. It is important to ensure that their mobile technology, often connected wirelessly, is as secure as possible.
Implement a multiple-security-technology solution.
Viruses that corrupt data are not the only security threat. Hackers, and their attacks, are more sophisticated than ever, and it is critical to have multiple layers of security technology on all your different devices (including each desktop, mobile device, file server, mail server, and network end point) to comprehensively secure your data. This multiple security will block attacks on your network and/or alert you to a problem so that you (or your IT expert) can take the appropriate action.

An Introduction To APIs


An Application Programming Interface (or API) is a way for two webpages and/or pieces of software to communicate with each other. An API works as a middleman, taking the request from one piece of software, and then replying with the appropriate response from the other.
One example of an API you may be familiar with is the Create publish and share function. Using an API, we send a request to allow us to post on your social media account such as Twitter. The Twitter API then responds by posting a status update on your social media account.
The Create API opens up the possibility to streamline a number of tasks in the day-to-day running of your business by allowing for the easy creation of Apps. For instance, an App could be set up using the API to automatically transfer your shop orders into your accounting software.

As a Developer

As a Developer, you have the option of creating Apps for yourself or a client, and making these publicly available to Create customers as well. To learn more, and to read our Developer Documentation, see our API Information for Developers guide.