This content originated from the Payment Smart newsletter from Elavon.

Best practices for combating cyberattacks

According to multiple reports, cybersecurity attacks on digital payments are increasing. These threats aim to steal cardholder data. They include ransomware attacks, digital skimming in which bad actors deploy malware on eCommerce systems, attacks on cloud services and more.

If you believe your payment data has been compromised, immediately notify Elavon Client Security at ADCqueries-NA@elavon.com. Elavon Client Security will fulfill breach reporting requirements to the card brands. Elavon Client Security can also work with you as part of your investigation, containment, remediation, security optimization, and post-breach PCI-DSS compliance validation.

We also recommend the following best practices to help contain and remediate data breach events resulting from such attacks.

In card-present environments

Immediately

- Stop accepting transactions on the impacted terminal.
- Isolate compromised systems from the network by unplugging the network cable. Don’t turn the unit off or remove/interrupt the power supply.
- Disable remote access ports from the network.
- Change passwords used to connect to the network.
- Accept and settle transactions using an alternate method.

In the aftermath

- Implement a firewall with strict inbound/outbound filtering. Prohibit direct public access between the internet and the cardholder data environment.
- Assign a unique username for each user accessing the system.
- Implement two-factor authentication for remote access to the system.
- Install anti-virus software on all systems and enable logging.
- Use a payment application that is compliant with the Payment Card Industry Software Security Framework (SSF).
- Rebuild any potentially compromised system prior to reuse.

In card-not-present environments

Immediately

- Stop accepting transactions on the impacted server.
- Remove and disable storage of sensitive authorization data.
- Disable remote access ports from the network.
- Change all passwords used to connect or administer the website.
- Authorize and settle transactions using an alternate method.

In the aftermath

- Examine firewall settings.
- Review web applications for unauthorized modification.
- Check the environment for any storage of 16-digit unencrypted cardholder data.
- Implement a firewall with strict inbound/outbound filtering. Install a web application firewall in front of public-facing web applications.
- Assign a unique username to each user accessing the system.
- Implement two-factor authentication for remote access to the system.
- Install anti-virus software on all systems and enable logging.
- Develop web applications based on secure coding guidelines.
- Rebuild any potentially compromised system prior to reuse.
- Ensure logs (firewall, anti-virus, weblogs, etc.) are retained for 90 days on the system and one year offline.
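
One way to carry out the checklist item above about checking the environment for stored 16-digit unencrypted cardholder data, shown as an added example that is not from Elavon or the original newsletter. It walks a directory tree, flags 16-digit numbers that pass the Luhn checksum, and reports them masked; the function names, the file-size limit and the sample log file are assumptions made for illustration.

```python
import os
import re
import tempfile

# 16 digits, optionally grouped in fours by space or hyphen, not part of a longer digit run.
PAN_RE = re.compile(rb"(?<!\d)(\d{4}[ -]?\d{4}[ -]?\d{4}[ -]?\d{4})(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out most non-card 16-digit numbers (order ids, timestamps)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)   # double every second digit from the right
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def mask(digits: str) -> str:
    """Keep first six and last four only, so the scan report itself holds no full number."""
    return digits[:6] + "*" * 6 + digits[-4:]

def scan_tree(root: str, max_bytes: int = 5_000_000):
    """Yield (path, line_number, masked_number) for each Luhn-valid hit under root."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if os.path.getsize(path) > max_bytes:   # assumed limit; raise for large logs
                    continue
                with open(path, "rb") as fh:
                    for lineno, line in enumerate(fh, 1):
                        for m in PAN_RE.finditer(line):
                            digits = re.sub(rb"[ -]", b"", m.group(1)).decode()
                            if luhn_ok(digits):
                                yield path, lineno, mask(digits)
            except OSError:
                continue  # unreadable file: skip it, do not abort the sweep

def demo():
    """Constructed sample: a debug log holding one test card number and one order id."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "checkout-debug.log"), "w") as fh:
            fh.write("order=1234567890123456 status=ok\n")      # 16 digits, fails Luhn
            fh.write("card=4111 1111 1111 1111 exp=12/30\n")   # widely used test number
        return [(os.path.basename(p), n, m) for p, n, m in scan_tree(d)]

if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

A hit means the file needs review; encrypted, compressed or binary-encoded storage will not match this pattern and has to be checked separately.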

After data security issues have been investigated and remediated, validate your business's full compliance with the Payment Card Industry Data Security Standard (PCI/DSS). Read more here. A great way to be proactive is to engage an Approved Scanning Vendor (ASV) and schedule a periodic vulnerability scan of your payments system. View a list of ASVs here.