Skip to content

Visa Security Alert!

September 1, 2014
From Visa's Risk Management:
For: IT, Information Security, IT Support

Visa has recently noticed an increase in malicious remote access activity associated with unauthorized access to merchant point-of-sale environments and ultimately, payment card data.  Many remote access solutions are to provide remote management and technical support for retailers.  Used maliciously, they can expose payment card data and other sensitive information to cybercriminals to log in, establish additonal “back doors” by installing malware and steal payment card data.  The risk of data compromise substantially increases when remote access applications are not PCI DSS compliant.

Examples of common remote access vulnerabilities that can enable intruders to gain access to merchant POS environments.  NOTE: most are also violations of the PCI DSS.

  • Remote access ports and services always available on the Internet.
  • Outdated or un-patched applications and systems.
  • Use of default passwords or no password.
  • Use of common usernames and passwords.
  • Single-factor authentication.
  • Improperly configured firewalls.

The attacks take place by successfully logging in to remote access applications with common username/password combinations.  Once inside the network an intruder will typically take steps to disable anti-virus applications and establish additonal “back door”  connectivity through the installation of malicious sofware.  On systems where payment card data processed, card-capturing malware is often installed and used to collect full track data from the POS system.  Finally, card data is removed to remote IP addresses.

We are urging you to share this information with your colleagues in the IT departments.

Business Phone Systems: Landline Versus VoIP

August 25, 2014

Not sure what option is best for your business?  Take a look at this article that hashes out the good and bad with phone systems.

Business Phone Systems: Landline Versus VoIP.

Visa Corporate, EMV Chip Cards, doing everything but even more secure

August 11, 2014

Take a look at the picture Visa released on how to understand the EMV Chip Cards.

Visa Corporate, EMV Chip Cards, doing everything magnetic strip….

EMV Can’t Come Soon Enough

August 4, 2014

An investigation is taking place regarding a credit card breach at GoodWill locations nationwide.  They first noticed the possible incident on Friday July, 18th with the activity similar to other data breaches that have taken place like Michaels, Target and Neiman Marcus.

With all these security breaches taking place it seems the change to EMV cards can’t come soon enough.  The deadline is coming on October 1, 2015 and as Visa’s announcement states, “Currently, POS counterfeit fraud is largely absorbed by card issuers. With the liability shift, if a contact chip card is presented to a merchant that has not adopted, at minimum, contact chip terminals, the ability for counterfeit fraud may shift to the merchant’s acquirer.”

EMV-enabled cards rely on an embedded chip and PIN number instead of the traditional magnetic stripe and signature that the U.S uses today. This strategy reduces the vulnerability of cardholder data when making purchases, preventing ‘skimming’ or copying card data embedded in a card’s magstripe.  EMV cards and terminals have already been adopted in other parts of the world and have helped to reduce fraud, chargebacks, and card counterfeits.

Study Finds RingCentral Adds Substantial Savings

July 28, 2014

Key Points from study:

  • Provides Substantial Cost Savings. 
  • Leverage RingCentral integration with salesforce.com.
  • Increase revenue of customer-facing employees.

Read More HERE

To learn more about RingCentral and other services visit www.paylab-plus.com

How healthcare can learn from retail’s IT security mistakes | HealthITSecurity.com

July 24, 2014

How healthcare can learn from retail’s IT security mistakes | HealthITSecurity.com.

Ecigarettes in Restaurants?

July 7, 2014

With Ecigerattes growing to $1.5 billion this year alone, restaurants are torn on allowing them in their establishment. Whats your thought? Read the full article HERE

Follow

Get every new post delivered to your Inbox.

Join 226 other followers

%d bloggers like this: