2015: A Sheep Year — But A Safe One?

Credit Card Data breaches

2015: A Sheep Year — But A Safe One?

Introduction

The New Year celebrating isn’t quite over yet — next month brings us the Chinese New Year. Those followers of Chinese Astrology know that each year is given an “animal” personality, so our upcoming “sheep year” or data breaches is presumed to be — like its totem animal — somewhat gentle and easygoing.

Credit Card Security in Question

The question is whether that will also hold true with a credit card and payment security since 2014 (a horse year — where things moved fast!) was the year that data breaches became a fact of life for the average consumer.

chinesel_new_year

Indeed, Investopedia, in a recent article about online payment safety, said that 2014 was the year “when consumers came to fear the data breach for real. According to the Identity Theft Research Center, there were 761 breaches in 2014 affecting more than 83 million accounts. Big names like Sony, JP Morgan Chase, the US Postal Service, Target, Home Depot, and, most recently, Chic Fil A are some of the notables that proved that even companies with deep IT pockets are at risk.”

Addressing the Risks

And yet much of that risk could be mitigated. “One study,” the article continues, “found that only 45% of consumers changed their password this year, and the most popular passwords are still ‘password’ and ‘123456.’  If your password is easy to remember, it’s probably easy to hack. It’s time to change it.”

That would be among the easiest of our New Year’s security tips to pass along.

Of course 2014 being what it was, we have even more of them for your edification, from Visa itself.

Insecure Remote Access

One critical point of vulnerability they emphasize is “Insecure Remote Access.”  Such insecurities could “potentially expose payment card data and other sensitive information to cybercriminals. Insecurely deployed remote access applications create a conduit for cybercriminals to login established ‘back doors’ by installing malware,” which turns allows them to swipe customers’ payment info.

Common Vulnerability

Visa lists “common vulnerabilities” to avoid — which include the aforementioned far-too-easy passwords (or using the provided “default” password that comes with your equipment). Other such vulnerabilities include:

*Outdated Applications and Systems. “Older versions of application and operating system software are known to be susceptible to attack”

*Single-factor Authentication. “Remote access can be subject to brute force and password-guessing attacks, particularly when authentication only requires a username and password.”

*Improperly Configured Firewalls. “In some cases, the POS system has a public IP address that is directly accessible from the Internet.”

Conclusion

We’ll talk more about the do’s and don’ts — and the remedies for the “don’ts!” — in our next post!

If you have any questions about safety and security for your own payment equipment and systems, feel free to contact your AVPS Rep! We’re here to make it as “secure” as year as possible!

See you in a week — and enjoy the end of your Horse Year!