Audit and Assurance

Expand all | Collapse all

E-Card operations-Audit

  • 1.  E-Card operations-Audit

    Posted 19 Aug, 2019 02:28
    Dear Team,
    I'm supposed to do an audit on E-Card operations specifically on Visa Debit Cards, Merchant POS acquiring, USSD, Mobile Wallet and Mobile App.
    can anyone help me with the test scripts and the key areas to look at...


    ------------------------------
    Rita Kobusinge
    MANAGER SYSTEMS AUDIT
    ------------------------------


  • 2.  RE: E-Card operations-Audit

    Online Forum Topic Leader
    Posted 19 Aug, 2019 14:58
    @Rita Kobusinge,

    ISACA's PCI DSS audit program http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/icq-and-audit-assurance-program-for-pci-dss-compliance-program.aspx and the PCI Standards themselves may be a good start to get ideas https://www.pcisecuritystandards.org/

    Have ​members any other thoughts on this one?

    Best Regards,

    Ian

    ------------------------------
    Ian Cooke
    Audit & Assurance Topic Leader
    ISACA Journal Columnist
    ------------------------------



  • 3.  RE: E-Card operations-Audit

    Posted 20 Aug, 2019 18:46

    @Rita Kobusinge ,

     

    What is the role of the organization you're working with in the payment ecosystem? Are you an issuer/acquirer/merchant/service provider?

     

    The functions that you mentioned cut a very wide path through some of the more complex areas of electronic payments – some of which there are very limited numbers of people who are trained and qualified to be able to audit/assess the compliance of those functional areas and systems with the applicable standards.

     

    A good starting point, as Ian mentioned below, is the PCI Security Standards Council site, as they have most of the standards that apply. I would also urge you to reach out to the card brands that you work with – in particular, you can find information on VISA's PIN Security program at https://visa.com/pin

     

    Best regards,

     

     


    Jim Scardelis, CISA, CISSP, PCIP, VISA SA, CIPP/US, CIPP/C, CIPP/E, CIPT, PCI 3DS QSA, MCSE

     jim@jceltd.com  | http://www.linkedin.com/in/jimscard/

    Any views or opinions contained in this communication are solely those of the author, and do not necessarily represent those of any organizations or entities the author may be associated with.