Entries tagged with “Risk”.
Did you find what you wanted?
Jan 30 2015
A recent security breach of one of the largest American banks was not the result of sophisticated software or malware. Instead, the data breach that exposed the information of 76 million households and 8 million small businesses came down to an overlooked server and insufficient security controls.
Details of an investigation into the hack traced the breach to a neglected server as the hackers’ entry point.
That breach could have been avoided with a relatively simple fix – two-factor authentication. Double authentication requires users to enter a second, one-time password in order to gain access to the system. That second password can be provided by a text message to a phone or another device, such as a key fob.
While breaches of retailers have made headlines and are immediately recognizable to consumers, the latest bank breach should be even more disconcerting. That’s because banks retain more sensitive financial information for their customers and banks are supposed to have more robust security compared to retailers.
To learn how to avoid similar vulnerabilities in your business we invite you to contact us here at ProPay. Our team of experts stays up-to-date on industry news and how to support your business in having the most robust payment processing security system available.
Jan 22 2015
A major internet service organization recently found itself the victim of a cyber security breach regarding financial data.
The company fell prey to hackers by a spear-phishing attack. Spear phishing is the attempt to get corporate information by sending an e-mail message that appears legitimate. The fraudulent message sometimes asks the recipient to click on a link to verify information. Instead, that link can download spyware, Trojan horses, or malware. That’s what was believed to have happened in the breach; employees clicked on links in an e-mail that apparently led to the installation of malware.
Besides giving the hackers access to e-mail, the scam also compromised content management systems, internal communication systems, and the company’s data system for managing domains. Security enhancements implemented months ago, by the firm, likely limited the unauthorized access sought by the hackers.
While this company will no doubt be more vigilant guarding against future spear phishing scams, there’s a lesson here that businesses of any size and type can impart to their own employees: Don’t click on links in e-mails that looks suspicious, particularly if the message is asking for information. To learn more, contact us here at ProPay.
Jan 20 2015
Finding the right payment processor for your small business is all about looking for features that match up well with what your business does. Here are some examples of features you should look for depending on your business.
Mobile Card Readers for Local Businesses
One useful feature you can get from a payment processing company is a mobile card reader. This is a device that sits right on top of your phone which can process credit cards securely in-person.
Many of the better ones give you a free app to go with it, and let you plug them right into a convenient area like the audio port. This feature is ideal for local businesses that do a lot of commerce in person and not at a stationary POS system within a store. A mobile card reader will be useful for brick and mortar stores that don’t want to pay extra for the more extensive credit card devices, and also for small businesses that carry product from within their own home and want to be able to process credit cards for local customers.
Multiple Payment Storage Options for Online Businesses
One excellent way to encourage repeat customers for your online business is to make it really easy for them to store payment options. Trivial inconvenience is the great killer of e-Commerce. If customers can store different credit cards and payment options with your site using a payment processing service that allows for this, then they can come back and make additional purchases with much less hassle.
Having to enter payment information over and over again is going to deter repeat business. That’s why the multiple storage feature can be useful for encouraging growth in small businesses that focus on internet transactions.
Regardless of how your small business operates, it can benefit from the right payment processing features. For more information about these features and others, please contact us at ProPay today.
Jan 14 2015
The recent hack of a major entertainment company demonstrates the weaknesses still existing in corporations, both large and small. The hackers, according to recent news, rendered the company “unable to process payments, leading to… canceled film shoots…”
If you think that you’re safe, think again! According to another news article, “the recent high-profile cyber security breach risks unleashing a wave of copycat attacks after the entertainment company showed the impact cyber criminals could have when the [company] canceled the release of [its movie].” Other cyber criminals have the potential to see that they could have a powerful influence on businesses and become brazen with their attacks. The article states that small and large entertainment-related companies are calling cyber security experts, terrified and willing to pull any and all movies that hackers may deem offensive – all in hopes that they are spared from cyber attacks.
During these turbulent cyber security times, you should choose a cyber secure payment processor. ProPay is always on top of the latest cyber security measures. Contact us today to learn more!
Dec 16 2014
Posted by Sara Davis
An ongoing attack into corporate America has been trying to infiltrate more than 100 mostly pharmaceutical and health care companies in one of the latest examples of cyber security breaches regarding financial data. This time, the goal is not to take money, but instead to take information. The objective is market-moving information about publicly-traded companies that can be used for a different kind of crime – insider trading.
Cyber security firm Fire Eye recently disclosed the operation, telling Reuters that the hackers were very specific in their method of attack: They targeted only people with access to inside information that could be used to make profitable trades before that information became publicly available.
While Fire Eye declined to disclose the identities of specific victims, the firm says victims include corporate advisors, investment bankers, attorneys, investor relations firms, and others that could have access to corporate information. Fire Eye acknowledges that information has been compromised, but the firm says it does not know whether any trades were made using that information. Fire Eye calls the group “FIN 4” because it ranks number 4 among the large, financially motivated groups that Fire Eye tracks. Fire Eye has already reported the group to the FBI, though the bureau is not commenting on FIN 4 for now.
FIN 4 doesn’t operate by infecting corporate computers with malware. Instead, its hackers steal e-mail account passwords. Using those compromised accounts, the hackers then send phishing e-mails to try to gain inside information. Fire Eye says that FIN 4 covers its tracks by using Tor, a service that masks the location of Internet users.
“They are going after the weakest link in the security chain, people,” Kevin Westin, a security analyst for threat detection firm Tripwire, told Top Tech News. “Given the targets and the data compromised you could call this white collar cybercrime because the goal appears to be industrial espionage.”
Strict password protocols are a must for thwarting hackers seeking inside information. Employees should be required to have different and distinct passwords for each web service they use from the company. Corporations should also consider two-factor authentication, which would require users to enter a second code provided by text message or on another device, such as an authentication device that changes passwords each time it is used. And employees should be trained on phishing tactics that could be used to procure sensitive business information. To learn more about how to make your business more secure, contact us.