Common Cyber Crimes Facing the Payments Industry
There is little doubt that an Account Data Compromise (ADC) would be detrimental to the operational effectiveness of any business. However, to organised criminal groups it can be an easy way in which to generate funds for criminal gain. In the 21st century, it can be easier for a criminal gang to commit cyber crimes, such as raiding the credit card details of a poorly maintained website, than to raid a high street bank.
The favoured methodology of website hackers is to exploit poorly written and unsecured websites and then seek to locate the credit card information held within. By focusing on weaker websites in this way, and ensuring that the total level of card fraud is not too high, many of the hackers simply take the 'low hanging fruit' and go unnoticed until it is too late.
Often exploiting the same common vulnerability across multiple different hosts, for example an authentication weakness in a popular shopping cart, allows the hacker to simply trawl the Internet for those websites that use that shopping cart to exploit and collect the reward. No organisation wants to fall foul to cyber crimes and therefore in order for them to protect themselves against a potential information security breach, certain steps should be taken to reduce susceptibility to the most common types of breaches.
Legislation
The unlawful access to a system that is used by a merchant is on the whole in breach of section 1 of the Computer Misuse act and in the real world, stealing of cardholder data is more than likely to be associated with the stealing of PII (Personally Identifiable Information). Therefore, once a data breach has occurred, it can easily escalate from an exercise where the card brands are requesting their card numbers to be returned, to the local law enforcement agency mounting a personal data loss investigation.
Cardholder data breaches, that are the result of cyber crimes, are increasing raising interest within the various law enforcement and data protection agencies around the EU. Although currently each member state takes a different view on how to deal with the consequences of cyber crimes, growing public awareness on the issue could see law enforcement take a heavier, more legal based role in the near future.
Protecting Your Organisation
There are no hard and fast rules to ensure that your website is safe and secure from the persistent threat of cyber crimes. However, there are some actions that organisations can take to help avoid large fines for the misuse and loss of cardholder data. Below are 10 helpful tips for organisations seeking to become more proactive;
1. Get PCI DSS compliant. Look at your merchant agreement with your acquirer, it will state that you need to be PCI DSS compliant;
2. Plan, Plan, Plan - you don't know when the event might happen but an incident response plan and regular testing of this plan will pay dividends in the event of a breach;
3. Suppliers - know who your suppliers are and also what cardholder data they may or may not be processing on your behalf. They will need to be PCI DSS compliant and could easily be your weak point in the protection of cardholder data;
4. PFI Company - if there is a breach, one may be turning up at your door and asking questions that you might not immediately know the answer to. Pre-appointing a PFI and talking to them about what happens in a breach will iron out any potential problems;
5. PR Response - should the worst happen and your businesses' reputation is on the line, have a pre-planned public response; a response prepared beforehand is far better than a response drafted in the heat of the moment;
6. Policy - one of the easiest ways to mitigate the risk that a breach represents is to ensure that policies and procedures are robust enough to reduce the chance of a cardholder breach and also have the flexibility to respond if a breach occurs;
7. Data Protection - the legal and compliance authorities are becoming more interested in ensuring that the cardholder data that merchants process and the personal information they obtain is kept within the realms of the merchant, and does not get into the hands of the hackers. Whilst the card brands could fine an organisation for the miss-use and/or loss of cardholder data, the data protection authorities can also stop a merchant processing cardholder data;
8. Acquisition of evidence - should an external party be required to investigate a breach, a lot of time, energy and effort can be saved by allowing the external investigative party to investigate and acquire the data. The more that the data is tampered with before a forensic investigation is carried out, the less information can be found out about what actually happened;
9. Check your liabilities - ensure that you have the correct contracts; it may be that your 3rd party has provided you with a 'managed' firewall but what does that mean? You may only find out when a hacker has already taken your customer's cardholder information away;
10. Don't Panic -If the worst should happen, act with a clear head and don't make rushed decisions that could affect the outcome at a later stage.
9 comments:
hey river puedes publicara algunos en espaƱol pues la verdad no se tanto ingles
yes its has big problem for many industry use Comodo Internet security has lot of features like auto sand box technology source: https://www.youtube.com/watch?v=l0-xGEuLJvo
Comments on this blog are restricted to team members.
It was a great information and Its really worth reading it. The author did an mind blowing work by describing each and every concept in detail. Thanks for such an informative post. Please keep up your good work.
Marine Colleges in Chennai, Engineering Colleges In Chennai
Good work…unique site and interesting too… keep it up…looking forward for more updates.Good luck to all of you and thanks so much for your hard-work.
Transcription Services Bangalore, Voice Over Artist in India
Halo,I'm Helena Julio from Ecuador,I want to talk good about Le_Meridian Funding Service on this topic.Le_Meridian Funding Service gives me financial support when all bank in my city turned down my request to grant me a loan of 500,000.00 USD, I tried all i could to get a loan from my banks here in Ecuador but they all turned me down because my credit was low but with god grace I came to know about Le_Meridian so I decided to give a try to apply for the loan. with God willing they grant me loan of 500,000.00 USD the loan request that my banks here in Ecuador has turned me down for, it was really awesome doing business with them and my business is going well now. Here is Le_Meridian Funding Investment Email/WhatsApp Contact if you wish to apply loan from them.Email:lfdsloans@lemeridianfds.com / lfdsloans@outlook.comWhatsApp Contact:+1-989-394-3740.
BA Exam Time Table I appreciate you spreading the word.
We have been using Mr Benjamin financial team to help secure our first acreage block. We are happy with the professionalism In Financial Services Mr Benjamin and his loan company brings to the table with the loan rate of 2% interest rate that we use to get our loan from Mr Benjamin we are also doing a separate construction loan with them. Everything has been a breeze with the team behind Mr Benjamin which is 100% of the way, and no question is too silly to ask. Would recommend this Loan officer to anyone looking for a loan at the low rate of 2% RIO!! Email Mr Benjamin and his team today for any kind of loan 247officedept@gmail.com Whats-App Number +1-989-394-3740
Post a Comment