Internship: Exploring Topics in the Regulation of Credit Card Companies

September 26, 2012

Credit cards have become indispensable to the daily routine, used everywhere from swiping plastic at the gas pump to making instant payments through online accounts. Without a doubt, such convenience comes with risks, namely stolen numbers and the misuse of customers’ personal information. But credit card companies, as well as the legislation that regulates them, are constantly working to ensure data is handled responsibly.

Dolly Karaba, an INI student in the Master of Science in Information Technology-Information Security program, received first-hand experience on the security procedures of a credit card company as a summer intern with the Chief Information Security Office (CISO) at American Express.

After quickly relocating from Pittsburgh to Arizona in May, Dolly spent the summer gaining broad professional exposure at American Express through her work on both research and operational projects. She learned about the regulatory aspects of the credit card industry and the processes that a business must put into place in order to adhere to them.

"I interacted with great people and learned different perspectives of information security, such as governance, risk management, internal audit and compliance," she said.

Dolly is also the recipient of the 2011 Executive Women's Forum (EWF) INI Fellowship, sponsored by Alta Associates. The EWF is a large network of information security, privacy and risk management professionals in senior leadership positions, and Dolly has the opportunity to be mentored by the EWF through her fellowship.

For one project over the summer, she compiled approaches to how firms store, process and transmit credit card data based on the Payment Card Industry (PCI) Data Security Standard. All companies in the finance industry must follow the PCI guidelines for handling data. Dolly researched various methods used and reported on the hurdles that organizations must overcome in order to be compliant.

For other tasks, she researched the topic of penetration testing. She looked at penetration testing from both the technical side, focusing on its requirements and processes, and the business side, looking at references to it in regulations and legislation that apply to her employer. She also assisted American Express in updating its information technology risk library. When adding a new risk to the library, she had to identify which regulations applied to it.

The interdisciplinary aspects of her INI program prepared her well for the summer experience. The internship gave Dolly insight into the policy and business aspects of her career path.

"I have been able to understand the part that security practices--such as penetration testing, network security, network configuration, among others--play in the holistic enterprise security program," she said. "I believe that it'll significantly influence my future career decisions, as I now have a broader career perspective. I am now able to venture into governance, compliance, internal audit or risk management, which all integrate various aspects of security."

Pictured above: Dolly Karaba
