The fact is that all too often the first someone knows that their system has been breached is when they receive a call from their acquiring bank. Someone has reported that they are the common point of purchase for fraudulent activity. It is a conversation every business owner dreads.
The repercussions are serious, triggering a mandatory Payment Card Industry forensic investigation (PFI) which the vendor must pay for. The breach needs to be stemmed and an analysis made of the security issue. If there is culpability, a significant penalty may follow. In addition to that are the financial repercussions to the company’s bottom line and its reputation. So what can be done to anticipate a breach at its earliest stage or, even better, prevent such a breach from occurring?
What are the indications of an Account Data Compromise?
Sometimes it is obvious: a key-logger or a card-skimming device is found. Because malicious attackers are highly skilled, however, more frequently it is a subtle change in activity which is easily overlooked by the vendor until it is too late. Examples of these are:
- Unexpected internet connections: from non-business-related IP addresses or from countries the business has no dealings with;
- Log in by unknown or inactive user IDs; or an unusual level of activity from a recognised user ID;
- Multiple instances of remote access tools present on a system in an ‘always on’ mode;
- The presence of malware, suspicious files, executables or programs;
- SQL injection or other suspicious activity on web-facing systems;
- POS terminals and ATM devices showing signs of tampering;
- Lost, stolen or misplaced sales receipts or payment card data.
What can be done to protect against such attacks?
- Use PFI skills to your advantage: working with a respected PCI company with forensic investigation capability is a great starting point. They already have the forensic skills and tools and can use these to help you to build a robust defence;
- Do not simply tick the annual PCI compliance box but ensure that your compliance is ongoing; continually updated and improved. Working with a PCI compliance expert will help you to do this cost effectively and robustly;
- Get ahead of the game: go a step further than straight forward compliance and conduct a thorough review, including a penetration test and vulnerability scan to highlight your specific potential threats and vulnerabilities;
- Be aware of your future obligations: the General Data Protection Regulation (GDPR) comes into effect in May 2018 and you will need to comply. You responsibilities increase and so do the potential penalties if a breach occurs.
- Consider outsourcing the role of Information Security Officer (ISO): smaller companies will struggle to recruit suitably qualified individuals with the right skill set but working with a Virtual ISO team provides expert strategic input as well as practical input and training.
- Engage with a company that specialises in forensic investigations. They will be able to test your incident response strategy and ensure that you are able to respond quickly and efficiently if the worst ever happens. Be prepared!
What happens in the event of a breach?
Breaches happen. But having the right team on hand to identify, analyse, correct and report on incidents saves money and reputation while reducing future risk and freeing you to continue to trade. SRM’s dedicated response team is on hand 24/7 x 365, providing professional, pragmatic and strategic support in the event of any type of incident, enabling you to focus on your business activities.
In the context of the damage an ADC breach can cause any investment is worthwhile. SRM offers a bespoke retained PFI service, working proactively through regular strategic reviews to develop enhanced risk mitigation and ensure rapid remediation and minimal disruption in the event of a breach.
We do not recommend services or tools you do not need, preferring to use our extensive experience and understanding of the online retail world to set up a targeted plan of action and remediation which will keep your business as secure as it is possible to be. Given the persistence and resilience of cyber attackers there is a remote chance that your system might still be attacked. With a robust plan in place, however, including relevant compliance, then remedial action will be swift and acquiring banks will mitigate their stance.
For more information see: