The Fourth of July is an opportunistic time for shoppers to buy products that are currently in season with the best deals. Name any big product and you are surely to find a good sale offer for the 241st Independence Day. As for any savvy shopper, now would be the most opportune moment to swipe their credit card and purchase whatever desired. Now, both the purchaser and the seller have to be wary about performing online transactions and card transactions due to evolving cyber security risks.
Latest Cyber Security Threats
It is quite alarming that the WannaCry and NotPetya ransomware/malware/wiper attacks transpired just a couple of weeks ago. On this same note, hackers may unleash a new wave of attacks over the Fourth of July holiday period.Countries have been specifically targeted as with the latest trend of attacks. During this year’s celebration, the possibility of targeted reprisal cyber attacks on US business and entities are quite high. Since many businesses in the US still accept payments through magnetic-stripe cards, such machines and networks could be targeted.
Large Card Data Breaches
Remember the massive Target card data breach attack in Dec. 19, 2013? Initially, Target confirmed that hackers had stolen the credit and debit card information of about 40 million customers. Later, this number went up to 70 million people, and along with the card data email and mailing addresses had been stolen. Target is to pay $18.5 million to 47 states as part of a settlement for the huge security breach.
Another popular attack was on HomeDepot, where the Point of Sale systems were compromised using exploitation methods similar to those used in the Target card data breach. In this attack, around 56 million payment card details had been stolen. In both these attacks, RAM scraping malware at compromised POS machines had grabbed the payment card data. In these cases, payment card skimmers had not been used but skimmers are widely used in other payment acceptance locations.
Mitigation Measures for Shoppers
Try to avoid using Magnetic Stripe payment cards – move on to an EMV Chip-and-PIN payment card which is considered more secure.
- When making payments do not allow the card out of your sight
- Do not divulge the PIN to anybody
- When making purchases online ensure that the website is “https://” secure
Mitigation Measures for Businesses During the Fourth of July Holidays
If you have understood the gravity of massive breaches such as Target and Home Depot, you would now be wary and know the importance of ensuring robust cyber security in protecting payment card data of your customers. The huge litigation costs, financial loss, and loss of reputation are a rather very heavy purchase to pay. There are measures that will enable secure and continued running of your business and it is recommended that you follow them.
Upgrade your POS system infrastructure to enable use of EMV Chip-and-PIN payment cards
Ensure Point-to-Point (P2P) encryption, (that would be securing your website with SSL technology.) If you need to accept card payments then your website must have SSL certificate.
You must protect your IT infrastructure – website, servers, network, computers and POS machines. Ensure updated security for all the devices connected to your network by installing a robust endpoint security solution.
Managing a large number of devices including POS devices, as well as ensuring updated security in those devices would be very difficult. Cyber security experts recommend the use of a Remote Monitoring and Management solution that not only makes management easy but also enables rapid response to cyber security threats.