Entries tagged with “data breach”.
Did you find what you wanted?
Jan 22 2015
A major internet service organization recently found itself the victim of a cyber security breach regarding financial data.
The company fell prey to hackers by a spear-phishing attack. Spear phishing is the attempt to get corporate information by sending an e-mail message that appears legitimate. The fraudulent message sometimes asks the recipient to click on a link to verify information. Instead, that link can download spyware, Trojan horses, or malware. That’s what was believed to have happened in the breach; employees clicked on links in an e-mail that apparently led to the installation of malware.
Besides giving the hackers access to e-mail, the scam also compromised content management systems, internal communication systems, and the company’s data system for managing domains. Security enhancements implemented months ago, by the firm, likely limited the unauthorized access sought by the hackers.
While this company will no doubt be more vigilant guarding against future spear phishing scams, there’s a lesson here that businesses of any size and type can impart to their own employees: Don’t click on links in e-mails that looks suspicious, particularly if the message is asking for information. To learn more, contact us here at ProPay.
Jan 12 2015
Being a merchant nowadays is very challenging – not only do you have to worry about the rebound from our recent economic recession – you also have to now worry about cyber security. According to Tech Crunch, more and more retailers are succumbing to hackers.
Many retailers, including major clothing, home-improvement, grocery, and restaurant chains have been attacked and successfully breached. “[one retailer] saw 56 million accounts compromised!” The article states that a major reason why most retailers are being breached is because they haven’t converted from mag stripe card readers to more up-to-date systems like chip and PIN. If there’s a takeaway to this: if you have a brick and mortar store – you should update your system to avoid any breaches. Keep in mind that whether it’s your payment processor or you that gets breached – you’ll experience a major dent to your reputation either way. Make sure to choose a cyber-secure payment processor – and update your hardware/software on your end as well.
ProPay has been providing thousands of merchants (with more joining each day) with excellent payment processor services since the 1990s. Contact us today to learn more about our state-of-the-art cyber security measures – and how we can help your business succeed further.
Jan 9 2015
Payment processors are becoming increasingly important as our reliance on the digital world increases. People are now purchasing items via Facebook and other social media sites – as well as using apps on their tablets and mobile phones. For most businesses, the days of simple cash transactions don’t apply anymore. Thus, the payment processor you choose must be well thought out.
Choosing a payment processor that has an excellent history of top cyber security is a must, considering that “hardly a week goes by without hearing of another data breach or a new strain of malware being discovered in the wild.” According to a FireEye Chief Technology Officer, hackers and their malware are only going to create more dire situations for 2015. FireEye is a “cyber security and forensics firm, [and they predict] mobile ransomware will surge in popularity.” They also predict “that point-of-sale (PoS) attacks will also become a more popular method of stealing data and money – and PoS attacks will strike a broader group of victims with increasing frequency.” What’s even worse, since cyber criminals are starting to become more creative, and a lot more are going into the business, payment processors will experience increased attacks.
The deal is, when a payment processor is hacked, the results are tremendous – “a single successful intrusion could provide access to pools of credit card data from many sources…” And sadly, some of these financial records might be your consumers’, which can lead to them placing the blame on you. Thus, make sure that when choosing a payment processor, you pick one that holds sound cyber security procedures – like constantly keeping up-to-date on new cyber security technologies. Some tell-tale signs include them being accredited by cyber security associations, and if they regularly join in on cyber security panels or conventions.
If you’d like to learn more about cyber security breaches regarding financial data, contact us today.
Jan 8 2015
Posted by Sara Davis
Merchant Services, Small Businesses
Picking a payment processor just got harder. It turns out that cyber criminals are becoming more sophisticated (or more desperate?). Recently, it’s been revealed that they’ve now started targeting parking garages. That’s right, they’re not only trying to steal your information in-store, but now, even before you walk into the store. Over the Black Friday weekend, “hackers got into the systems of a large parking vendor… and were indeed able to steal customer name and payment card information.” What’s more troubling is that “the breach ran [undetected] for almost seven months… [involving parking garages in Chicago], Cleveland, Philadelphia, Seattle, and Evanston….”
Another news article was recently released of an unlicensed, illegal payment processor whose majority of business catered to credit card fraud, identity theft, investment fraud, computer hacking, and other crimes. Basically, it acted almost like a money laundering business, except that it merely facilitated the transfer of funds between criminal clients and criminal suppliers.
Why is this important? Choosing the right payment processor is paramount to a successful business. Not only do you have to worry about choosing the payment processor with the lowest fees and the greatest number of available payment method options – you also have to worry about their cyber security and legitimacy. If their cyber security breach causes your consumers any fraudulent transactions, you will share in the reputation loss. If the payment processor turns out to be doing illegal dealings, you will also take on a negative view for having been associated with them.
ProPay offers payment processing solutions you can trust, contact us today to learn more.
Dec 16 2014
Posted by Sara Davis
An ongoing attack into corporate America has been trying to infiltrate more than 100 mostly pharmaceutical and health care companies in one of the latest examples of cyber security breaches regarding financial data. This time, the goal is not to take money, but instead to take information. The objective is market-moving information about publicly-traded companies that can be used for a different kind of crime – insider trading.
Cyber security firm Fire Eye recently disclosed the operation, telling Reuters that the hackers were very specific in their method of attack: They targeted only people with access to inside information that could be used to make profitable trades before that information became publicly available.
While Fire Eye declined to disclose the identities of specific victims, the firm says victims include corporate advisors, investment bankers, attorneys, investor relations firms, and others that could have access to corporate information. Fire Eye acknowledges that information has been compromised, but the firm says it does not know whether any trades were made using that information. Fire Eye calls the group “FIN 4” because it ranks number 4 among the large, financially motivated groups that Fire Eye tracks. Fire Eye has already reported the group to the FBI, though the bureau is not commenting on FIN 4 for now.
FIN 4 doesn’t operate by infecting corporate computers with malware. Instead, its hackers steal e-mail account passwords. Using those compromised accounts, the hackers then send phishing e-mails to try to gain inside information. Fire Eye says that FIN 4 covers its tracks by using Tor, a service that masks the location of Internet users.
“They are going after the weakest link in the security chain, people,” Kevin Westin, a security analyst for threat detection firm Tripwire, told Top Tech News. “Given the targets and the data compromised you could call this white collar cybercrime because the goal appears to be industrial espionage.”
Strict password protocols are a must for thwarting hackers seeking inside information. Employees should be required to have different and distinct passwords for each web service they use from the company. Corporations should also consider two-factor authentication, which would require users to enter a second code provided by text message or on another device, such as an authentication device that changes passwords each time it is used. And employees should be trained on phishing tactics that could be used to procure sensitive business information. To learn more about how to make your business more secure, contact us.