Is Your Online Payment Gateway Secure?

Security Breach?

Back in 2005, many of us in the merchant services industry were in the thick of the CardSystems security breach. The Federal Trade Commission claims “this is the largest known compromise to financial data to date”. Millions of dollars in fraudulent purchases were made with the stolen data. Processors, like the one I was working for at the time, had only a short window to move all their merchants to a new platform. This incident made it clear that cardholder data must be protected and that more precautions should be taken to ensure it is not compromised on such a large scale again.

Now merchants are in for a new type of threat. The very software that business owners use on their computer networks may cause cardholder data to be compromised. Packet sniffers are software or hardware that monitor data on a network, and they have been around for a long time. They are typically used to troubleshoot a network issue or to test firewalls. Malware, by contrast, is designed to damage a network. It appears that attempted fraud is on the rise again: packet sniffers are being used as malware on systems to snag or intercept cardholder data.

Visa recently released an alert about packet sniffers. If you feel your cardholder data has been compromised, make sure to unplug your network cable (turning off your computer will not work). Try to isolate the compromised machine from the rest of the network. Notify the card associations immediately so they can begin their investigation process.

Visa recommends in their alert that we follow these guidelines to avoid vulnerability to a packet sniffer attack:

  • Utilize host-based Intrusion Detection Systems (IDS), such as Dragon IDS suite and Comodo
  • Monitor firewalls for suspicious traffic, particularly outbound traffic to unknown addresses
  • Implement file integrity monitoring
  • Secure workstations so packet sniffers, or other malware, cannot be installed
  • Utilize encrypted protocols or encryption to protect sensitive data
  • Use packet sniffers legitimately to detect network intrusion attempts or suspicious activity on a network
  • Ensure that anti-virus and anti-spyware software programs are up-to-date
  • Routinely examine systems and networks for newly-added hardware devices
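
As an illustration of the firewall-monitoring guideline above (an added example, not part of Visa's alert or of the original article), the following Python sketch reads iptables-style log lines and reports outbound flows from internal hosts to destinations that are not on an allowlist. The internal range, the processor gateway range and the sample log lines are assumptions constructed for the example.

```python
import ipaddress
import re
from collections import Counter

# Assumptions: 10.0.0.0/8 is the merchant LAN; 198.51.100.0/24 stands in for
# the payment processor's gateway range (documentation addresses, constructed).
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
ALLOWED_DESTINATIONS = [INTERNAL, ipaddress.ip_network("198.51.100.0/24")]

# key=value fields as written by an iptables LOG rule
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

# Constructed sample log, not captured from a real system.
SAMPLE_LOG = """\
Jan 12 02:14:07 pos-gw kernel: FW IN=eth1 OUT=eth0 SRC=10.0.5.21 DST=198.51.100.17 PROTO=TCP SPT=51012 DPT=443
Jan 12 02:14:09 pos-gw kernel: FW IN=eth1 OUT=eth0 SRC=10.0.5.21 DST=203.0.113.77 PROTO=TCP SPT=51020 DPT=8080
Jan 12 02:15:09 pos-gw kernel: FW IN=eth1 OUT=eth0 SRC=10.0.5.21 DST=203.0.113.77 PROTO=TCP SPT=51033 DPT=8080
Jan 12 02:15:30 pos-gw kernel: FW IN=eth1 OUT=eth1 SRC=10.0.5.30 DST=10.0.1.5 PROTO=UDP SPT=40000 DPT=53
Jan 12 02:16:02 pos-gw kernel: FW IN=eth1 OUT=eth0 SRC=10.0.5.44 DST=192.0.2.200 PROTO=TCP SPT=49888 DPT=21
Jan 12 02:16:40 pos-gw kernel: FW IN=eth0 OUT=eth1 SRC=203.0.113.9 DST=10.0.5.21 PROTO=TCP SPT=443 DPT=51500
Jan 12 02:17:00 pos-gw kernel: FW IN=eth1 OUT=eth0 SRC=garbled DST=203.0.113.77 PROTO=TCP
"""

def parse_line(line):
    """Return (src, dst, proto, dport), or None if the line is not a usable record."""
    fields = dict(FIELD.findall(line))
    try:
        src = ipaddress.ip_address(fields["SRC"])
        dst = ipaddress.ip_address(fields["DST"])
    except (KeyError, ValueError):
        return None
    return src, dst, fields.get("PROTO", "?"), fields.get("DPT", "-")

def suspicious_outbound(log_text):
    """Count flows from internal hosts to destinations outside the allowlist."""
    hits = Counter()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, dst, proto, dport = parsed
        if src not in INTERNAL:
            continue  # inbound or transit traffic, not what this check covers
        if any(dst in net for net in ALLOWED_DESTINATIONS):
            continue
        hits[(str(src), str(dst), proto, dport)] += 1
    return hits

if __name__ == "__main__":
    for flow, count in suspicious_outbound(SAMPLE_LOG).most_common():
        print(count, *flow)
```

Repeated connections from one workstation to the same unlisted address, as in the sample, are the kind of pattern worth investigating first.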
