Threats of hacking are omnipresent in credit card payment processing and there is no sign of relief on the horizon. The only solution is continuous mitigation and remaining updated on trends. If it is affordable, contracting to an IT security provider specializing in attacks is recommended.
Recently we read a news item in which an online security expert detailed the most concerning threats to merchants and other entities in the payments-sphere that handle sensitive data. Each of the threats he detailed are worrisome in their own right, but some of them can be avoided with simple due diligence.
Of all the threats to which merchants (and businesses in general) are prone, the security expert detailed four:
Spearphishing
As noted prior, one of the biggest threats to all businesses is spearphishing, the dubious practice of sending authentic-looking, deceptive e-mails enticing the recipient to click on a link. Clicking, however, could enable the fraudster access to sensitive information and even account takeover. We recently blogged about what to do when an e-mail looks suspicious, and offering a protocol to certify its legitimacy:
- Is the e-mail unexpected?
- Does the e-mail reference you specifically or generally?
- Is it urging you to click a link or open a file?
- Is the URL or attachment unrecognizable?
- Are there spelling and/or grammatical errors?
- Is there anything odd about the sender’s address?
Online security experts determine such e-mails become dangerous if answering ‘yes’ to two or more of these characteristics.
Ransomworms
Think ransomware but with ‘worms’ that spread and infiltrate a company’s network, holding it hostage until a ransom is paid (usually demanding cryptocurrency). POS software is believed to be a common target, thus credit card payment processing merchants are advised to upgrade security on their POS systems.
Cryptocurrency hacking
It was a matter of time, wasn’t it? Hackers have begun infiltrating mining systems that produce bitcoin and altering algorithms to steal and funnel bitcoins away from legitimate miners — a problem that is fast taking a turn for the worse.
Weak passwords
It’s stunning and frustrating that weak passwords are still an issue. Consumers using passwords that are weak, short, predictable and the same over several verticals are simply playing with fire. Our IT representative once told us to treat our passwords — not just those for work, but socially as well — like toothbrushes: Pick a good one, never share it and replace it regularly.
It’s not just credit card data that hackers are after
We viewed a webinar this week, an interview with Tony Sales, labeled Britain’s Greatest Fraudster, who has since become a fraud fighter in the banking, insurance and retail industries. Mr. Sales was asked what hackers value the most, to which he swiftly replied, ‘Data.’ From merchants to banks, there is a treasure trove of credit card payment processing data maintained. Safeguarding that data is of the utmost importance.
What to look for in an IT security partner
Back in 2016, we partnered with a local IT security firm, Neoscope, which, at the very least, has been an education. If there are threats against us — being in credit card payment processing, we’re guessing our company is a hot target — we rarely see them because they are intercepted.
After the partnership was made official, one of Neoscope’s representatives spent 90 minutes with our staff detailing the best practices and procedures in mitigating attacks and the common threats we might see. It was an eye-opening meeting.
For credit card payment processing merchants and businesses looking to outsource to an IT security provider, we recommend two characteristics: communication and education.
We believe consistent communication makes a client feel like a valued partner. We regularly receive updates on the latest trends in hacking in the form of urgent e-mails, daily notifications on suspect e-mails, newsletters and even short videos followed by quizzes. Additionally, whenever we encounter an issue, we can always get them on the telephone.
What types of threats have you encountered? Leave us a comment at instabill.com.
For credit card payment processing solutions for high risk businesses, we are always up for a conversation at 1-800-530-2444.