In support of Data Privacy Day, we’re offering FREE PCI Awareness training to the first 1,000 people who register between 25 January, noon EST – 26 January noon EST. PCI Awareness training helps companies educate employees who handle payment card data on payment data security essentials. Learn more about the offer here.
In the spirit of Data Privacy Day, here are some educational resources on mitigating the three most common causes of merchant data breaches:
Remote Access Vulnerabilities
Remote access is one of the most common attack methods used by criminal hackers and is often used in combination with other attacks such as malware. For example, remote access may be used to get into a merchant’s payment system (by using a commonly known vendor default password like “password” or “123456”). Once in, the hackers place malware on a merchant system which may be used to capture data. Merchants may not even know that remote access software is present or when the remote access is being used, especially if that remote access is left permanently switched on and not monitored.
Weak Password Practices
The second area is weak password practices. Industry reports show that 81% of hacking-related breaches leveraged either stolen and/or weak passwords. Computer equipment and software out-of-the-box (including payment terminals) often come with default or preset passwords such as “password” or “admin”, which are commonly known by criminals.
Outdated and Unpatched Software
Often, software has flaws or mistakes, also known as bugs or vulnerabilities. Cybercriminals exploit these mistakes to break into a merchant’s computers and steal payment data. Software vendors provide security updates called “patches” to fix these coding errors, and need to be installed in a timely manner for maximum effectiveness.
Awareness starts with you and doesn’t stop with Data Privacy Day. Make it an everyday priority in 2018 and sign up for our: