Live Webcasts
Live Webcasts

What keeps you up at night webinar series

Join us every month to discuss top business challenges.

Tag Archives: data security

cyber attack image

More Cyber Attacks are Imminent and Here’s Why [Study + Key Takeaways]

Over the past 15 years, the hacking industry has evolved from being individually-driven to being carried out by complex organizations that are well-organized, more efficient and better equipped to capitalize from stolen credit card data.

As each new large-scale hack emerges and gains widespread attention, the incentives for more hacker markets increase, thus underscoring the fact that credit card hacks are becoming ubiquitous and are imminent for most Americans.

Non-profit national security think tank RAND Corporation recently released a study entitled “Markets for Cybercrime Tools and Stolen Data” in which the evolution of cybercrime and its now more modernized global operations are discussed in great detail.

Here are five takeaways we’ve identified from the study:

1.) Black and gray cybercrime hacker markets continue to emerge as its proven to be an extremely lucrative business with relatively low investment and minimal barriers to entry.

2.) Black market hacking organizations are difficult to identify and understand by law enforcement, as they are geographically spread out, diverse, segmented, and usually hidden under anonymity and encryption.

3.) Black cybercrime markets mirror the normal evolution of a free market – in both innovation and growth. There has been a steady increase in the availability of goods and services offered by black cybercrime markets, from stolen records and exploit kits to “stolen-to-order” goods, such as intellectual property and zero-day vulnerabilities.

4) There will be more activity in darknets, more checking and vetting of participants, more use of cryptocurrencies, greater anonymity capabilities in malware, and more attention to encrypting and protecting communications and transactions.

5) Exploitation of social networks and mobile devices will continue to grow, and there will be more hacking for hire, as-a-service offerings and brokers as the markets grow in size and complexity.

Given the information provided by the study, questions remain around how we can suppress and/or prevent such hacks from taking place. RAND Corporation suggests “mandates for encryption and point-of-sale terminals, safer and stronger storage of passwords and user credentials, and implementation of ‘chip and PIN in the U.S.'”

Paymetric develops best-in-class electronic payment acceptance and data security solutions. As RAND Corporation suggested, storing sensitive cardholder data on-site leaves your systems vulnerable to attacks by hackers.

XiSecure® On-Demand for Cardholder Data is our award-winning proprietary tokenization solution that eliminates the transmission and storage of sensitive data in your internal systems, dramatically improving data security and minimizing the risk of a data breach and brand exposure. Click here to learn more about our data security solutions.

Read and download the full study here.

Paymetric featured on PYMNTS.com podcast about payments trends and ideas in the U.S.

PYMNTS.com: Securing $30 Billion Worth of B2B Payments [Podcast]

Take any type of payment within an enterprise, enable its acceptance through seamless ERP integration, and secure it with a token. That’s the job of of enterprise payment acceptance solution provider Paymetric, which is driving over $30 billion worth of payments, says Paymetric CEO Asif Ramji.

During the podcast, Ramji shares how Paymetric helps global Fortune 500 brands accept, secure and optimize payments, and how future payments trends and ideas in the U.S. will shape the industry as a whole.

Read the full story and listen to the podcast here.

Image about PCI compliance and data security webinar by Paymetric

Upcoming Webinar: Keeping Your SAP System Fully Compliant and Secure

Join us on October 23, 2014 at 1:00 pm ET for an expert webinar as we uncover the growing risks associated with storing sensitive card data in your internal merchant systems and how you can simplify the process of protecting your customer’s data – reducing risks and keeping your systems PCI compliant and secure.

In this webinar, you will learn:

  • Common data security challenges faced by companies in their SAP systems
  • Best practices when dealing with RAW card numbers
  • How Paymetric’s XiIntercept solution can be put to use in your SAP environment
  • How to train your users to keep your system compliant

Presented by: Eric Bushman, Vice President, Solutions Engineering, Paymetric

Register today to learn more!

data breaches

5 Critical Factors to Help You Stay Protected from a Mega Data Breach

Data breaches are hitting the news more than ever before and the trend is getting worse. How much do you know about these breaches and what you can do to protect your data? Read on for the top 5 takeaways from our recent webinar to learn how you can keep your SAP-based business protected.

1. What causes data breaches?

According to a study by the Ponemon Institute, over 37% of data breaches are caused by a malicious or criminal attack, 35% are caused by a negligent employee or contractor and 29% are caused by system glitches. The takeaway here? Data breaches can- and do- result from a multitude of causes and it’s important to make sure your business is taking precautions to protect itself from each type of threat.

2. The impacts of a breach to your business are HUGE

Once a potential breach is discovered, the effects begin to snowball. Companies affected by data breaches not only face fines and litigation fees, but must foot the bill for investigations and audits. Perhaps the worst, however, is when the news hits the media. Breached companies can be faced with a negative brand reputation, loss of business and customer trust and even a potential decline in share value.

3. So what can you do?

Imagine thieves breaking into a vault they think is full of gold. But once they get it open- it’s totally empty. Thieves cannot steal what is not there and the same goes for your data. Turn the sensitive data that is left in your system into data that is totally worthless to anyone on the outside through the use of tokenization.

4. Understand the premise behind tokenization- and use it!

Tokenization replaces a sensitive data value with a “token” value that is useless to anyone outside of your system. Systems that use tokenization are no longer storing raw sensitive data or encrypted data. And unlike encryption, tokenized data cannot be reverse engineered back to the original data. If the system is breached, the original data is safe.

5. Tokens can protect more than just credit card data

So maybe you don’t accept credit cards and think you’re safe? Think again. Data breaches can affect much more than just payment data. Any type of sensitive data- including social security numbers, bank account numbers and medical records- can wreck havoc on your company if exposed. Use tokenization to protect all types of sensitive data to give your company, your employees and your customers peace of mind that their data is safe.

What You Need to Know About the Home Depot Data Breach

It’s been confirmed—Home Depot publicly reported that the company has experienced a data breach impacting debit and credit cards. Have you used a credit card in the past 4-5 months at the Home Depot? You might as well consider it stolen.

Here’s what you need to know about the Home Depot breach so far:

• While credit card data was exposed, Home Depot stated that PINs were not.
• The breach affected Home Depot’s U.S. and Canadian stores.
• HomeDepot.com transactions were not affected.
• Home Depot is saying that the breach impacts customer credit and debit card numbers used in-store between April 2014 and September 2, in the U.S. and Canada.
• If the cards currently being sold by hackers are actually the cards stolen from Home Depot, the breach likely exposed the customer’s name, card number and expiration date.

What is Home Depot doing about this incident?

• The company has removed the malware from their POS network and is still investigating the incident. The company has hired recovery experts as well as two security firms to ensure this incident doesn’t happen again.
• Home Depot is also offering identity protection to any customer who used a card at one of their stores from April 2014 until now. If you have used your card at a Home Depot store during those dates and would like to take advantage of the offer, call 1-800-HOMEDEPOT.
• Additionally, Home Depot is planning to roll out EMV (Chip and Pin) to all U.S. stores by the end of the year.

Could the Home Depot Breach Exceed the Target Breach?

The Home Depot—It’s the latest company investigating a possible data breach in which hackers may have stolen credit and debit card information from consumers at all of the home improvement stores locations. That’s 2,200 U.S. stores.

If the majority of the Home Depot stores were indeed hacked, this breach would exceed the Target data breach, which involved 40 million accounts in three weeks. Target said last month that its breach cost $148 million—and if the Home Depot Breach is larger than the Target breach, it’s going to cost them big time.

According to experts, the attack is similar to the one Target experienced. The hackers likely installed malicious software on the Home Depot’s point-of-sale cash registers, which enabled them to steal bank account information, names, card expiration dates, and other data.

While it is still unknown whether or not Home Depot actually was breached, customers of the store need to pay close attention to their bank, credit and debit card accounts and should report any suspicious activity to their bank.

2014—The Year of the Hack

According to CNNMoney, in the last 12 months alone, hackers have exposed the personal information of 110 million Americans—roughly half of the nation’s adults.

Tallied by the Ponemon Institute, that massive number is made even more mind-boggling by the number of hacked accounts: up to 432 million.

While the exact number of exposed accounts is hard to pin down due to some companies not being fully transparent about the details of their breaches, the damage is real. Each record usually includes personal information, such as your name, debit or credit card, email, phone number, password, birthday, security questions and physical address. Even if basic information about you is stolen, it can still be easily paired with stolen credit card data, empowering imposters.

While we may be experiencing “data-breach fatigue,” according to researchers at Unisys, the most recent numbers still make for a startling list:

• 70 million Target customers’ personal information, plus 40 million credit and debit cards
• 33 million Adobe user credentials, plus 3.2 million stolen credit and debit cards
• 4.6 million Snapchat users’ account data
• 3 million payment cards used at Michaels
• 1.1 million cards from Neiman Marcus
• “A significant number” of AOL’s 120 million account holders
• Potentially all of eBay’s 148 million customers’ credentials

What’s Keeping the CSO up at Night?

In the 2014 Global Information Security Survey and the 2013 State of the CSO, revealed that the demand for skilled IT security professionals continues to strain organizations’ ability to fill security positions. Finding skilled information technology workers was identified as of the greatest challenges for 31 percent of large organizations.

Additionally, the increased use of enterprise data, the greater complexity of IT architectures and the demand within all enterprises to understand all of the security-related data generated is going to continue the drive the demand for security pros to work with data scientists to be able to better pinpoint and respond to threats.

So, the CSO/CISO is often in the hot seat to ensure that their IT infrastructure is secure, regardless of the complexity of legacy systems, CRMs, ERPs or web stores. Tokenization is a best in practice approach to ensuring the security of the data in these systems. In fact, Gartner estimates that 25% of its clients are moving toward tokenization technology to protect business and customer information.

How do you secure your enterprise systems?

 

 

 

 

 

10 Cyber Security Best Practices You Should Follow

It’s simple. Poor data security can ruin your business. And with the amount of security breaches over the last year, businesses more than ever need to be taking precautions to keep their data safe from virus infections, hacking attacks or other system security breaches.

To help keep your business and sensitive data safe, here are 10 cyber security best practices you should follow:

1. Implement antivirus, anti-spam & firewall protections
2. Carry out regular security updates on all software & devices
3. Employ a resilient password policy (minimum eight characters & should be changed regularly)
4. Secure your wireless network
5. Establish a clear security policy for email, internet & mobile devices
6. Educate your staff in good security measures & perform employee background checks
7. Create & test back-up plans, information disposal & disaster recovery procedures
8. Carry out regular security risk assessments to identify important information & systems
9. “Stress test” websites regularly
10. Check provider credentials & contracts when using cloud services

For even more information about how to secure your data, click here.

Data Breaches—Who is to Blame?

With the ongoing news coverage of major security breaches, consumers are being reminded that cardholder data isn’t as secure as it should be. For merchants and issuers, this poses questions about how this is affecting U.S. consumer behavior. How aware are consumers about these data breaches? More importantly, who are they putting at fault?

A recent survey of 1,000 consumers conducted by TSYS showed interesting information about who consumers find responsible for the breach—whether it be the merchant or the issuers and card networks. Here are a few key takeaways from the survey:

Who is aware of recent data breaches?
83 percent of the survey’s respondents said they were aware of the recent breaches and 75 percent said they learned about them through media coverage.

Who are consumers holding responsible for the breaches?
About 64 percent of consumers said they hold the merchants responsible for the breaches, while 28 percent said the banks and card networks are at fault. Additionally, 67 percent said they expected their banks and card networks to notify them when incidents like this occur. But in regards to making up for the damage and making things right, 61 percent said it is up to the banks and card networks.

How are consumers responding to the recent breaches?
Of the respondents, 88 percent said consumers should play a role in protecting themselves against a security breach. About 31 percent said they’d be willing to pay for additional security. Additionally, 63 percent of respondents said they’d switch banks to one that offered better security features, and 71 percent said they would switch banks to one that guaranteed all losses would be reimbursed.

 

“"
Thank you for visiting our site, due to the size of your mobile device, you need to rotate it 90° to view this site.