Risk Management of Credit Card Payment Gateway using Octave Allegro Methodology At Electronic Payment Provider Institution

Abstract

The use of internet technology is growing very fast which is driving the development of businesses in Indonesia, one of which is in the eCommerce sector. To support payment transactions conducted by e-commerce, in conducting this business, it is necessary to collaborate with business partner engaged in the payment gateways sector. Company partner engaged in the payment gateways sector to provide solutions to electronic financial transactions where one product is a credit card payment gateways. The purpose of this research is to make a risk assessment and risk management for audit certification credit card payment gateway Company. Risk assessment can help to know what are the risks that may occur, how big the impact of these risks, as well as recommendations related control measures must be carried out if the impact of these risks occur. This research using OCTAVE Allegro methodology to identify and evaluate information security risks credit card payment gateway. This research is qualitative research consisting of observation, conducting group discussion with the respondents. The respondend of this research are VP Development and Service Provisioning, VP Operation and Infrastructure, Manager Front End 1, Manager Back End 2, and Senior Programmer. Results of this research are 9 critical information assets in credit card payment gateway in COMPANY, such as : Card Holder Data & Customer Credential, Data Center, Physical Devices, Logical Storage, Logical Network, Supporting Software, Core Application, Encryption Key, and Human Resources. There are 21 risks that may occur during in credit card payment gateway. From 21 risks that were identified, obtained 15 risks are defer, 3 risks to be acceptable, and 3 risks should be mitigate.