In early September, British Airways announced that it had suffered a massive data breach. Its website and mobile app were compromised, and the personal and financial data of about 380,000 customers were stolen. Worryingly, Ticketmaster faced a similar attack. Both of these attacks were allegedly carried out by Magecart, a hacking group notorious for stealing card details from unsecured payment forms on websites.
If large companies like BA and Ticketmaster are struggling to secure their credit card processing systems, does that mean every business is at risk? This is not necessarily the case, but it does highlight the need for companies to take the security of their card payment processes very seriously. Here we take a look at what can be learned from these attacks.
What do these breaches mean?
These breaches are an indicator of a common way hackers try to compromise an organization's payment card processes, a technique known as cross-site scripting (XSS). In the Ticketmaster and BA attacks, it is believed that hackers modified the code of third-party services running on the websites of both companies to intercept customer card payments as they were processed.
notification service, Feedify.
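One check a defender can run against this failure mode, as an added example that is not part of the original article: list the third-party scripts on a payment page and flag those loaded without a Subresource Integrity pin, or whose served content no longer matches the pin. The URLs, script bodies and the served mapping are constructed sample data.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

def sri_hash(content, alg="sha384"):
    """Subresource Integrity value for a script body, e.g. 'sha384-...'."""
    return f"{alg}-" + base64.b64encode(hashlib.new(alg, content).digest()).decode()

class ScriptCollector(HTMLParser):
    """Collects (src, integrity) for every <script src=...> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and attrs.get("src"):
            self.scripts.append((attrs["src"], attrs.get("integrity")))

def audit_third_party_scripts(page_url, html, served):
    """Return {script_url: status} for scripts loaded from other origins."""
    # served maps script URL -> bytes the host returns now; it is passed in so
    # the check runs offline (a real audit would fetch each URL).
    collector = ScriptCollector()
    collector.feed(html)
    findings = {}
    for src, integrity in collector.scripts:
        url = urljoin(page_url, src)
        if urlparse(url).netloc == urlparse(page_url).netloc:
            continue  # first-party script, out of scope here
        if not integrity:
            findings[url] = "no-integrity"  # browser runs whatever is served
        elif any(t.startswith(("sha256-", "sha384-", "sha512-"))
                 and sri_hash(served[url], t[:6]) == t for t in integrity.split()):
            findings[url] = "ok"
        else:
            findings[url] = "hash-mismatch"  # file changed since it was pinned
    return findings

# Constructed sample: a checkout page pulling in two third-party scripts.
PINNED = b"function notify(){}"
PAGE_URL = "https://shop.example/checkout"
PAGE_HTML = f"""<script src="/js/app.js"></script>
<script src="https://cdn.example.net/notify.js" integrity="{sri_hash(PINNED)}"
        crossorigin="anonymous"></script>
<script src="https://widgets.example.org/chat.js"></script>"""
SERVED = {"https://cdn.example.net/notify.js": PINNED + b";/* changed upstream */",
          "https://widgets.example.org/chat.js": b"chat()"}
```

With an integrity attribute in place the browser refuses to run a script whose hash does not match, so a "hash-mismatch" finding means visitors are already blocked from the changed file, while "no-integrity" means any upstream change would execute on the payment page.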
Is Data Security Compliance Slipping?
These card data breaches are concerning enough, but they also coincide with a trend: the number of businesses fully complying with the Payment Card Industry Data Security Standard (PCI DSS) fell for the first time in six years in 2017.
This may be because some businesses assume that, once they have achieved PCI DSS compliance, the hard work is done. In fact, maintaining compliance is an ever-evolving process and businesses need to keep up to date. Cybercriminals are constantly developing their strategies and techniques, and organizations need to ensure that their defenses are adapted accordingly.
Now is the time to ensure compliance
Remember that this type of compliance is more than having a certification logo on your website; it is absolutely critical to the ongoing success of your business. Dealing with the aftermath of an attack means remediating the problem as well as facing potential losses. In addition, failing to comply with these rules can result in heavy fines for your business.
Failure to follow PCI DSS may result in organizations facing increased transaction fees and, in some cases, withdrawal of banking services. Noncompliance with the General Data Protection Regulation (GDPR) could potentially be even more severe, with organizations facing fines of more than $20 million (€20 million) or 4 percent of global turnover (whichever is greater).
There has never been a more important time to take cyber security seriously; having security controls and procedures in place to protect your business is imperative.
Importance of web application testing
Web application testing is a type of penetration test specifically designed to identify vulnerabilities in your web applications, including susceptibility to XSS and other types of code injection attacks.
Web application pen tests typically take just a few days to perform, and can be done outside of business hours to minimize business disruption. It is advisable to work with a cybersecurity expert capable of performing an independent assessment to identify and address security weaknesses.
Given the current security landscape, now is the time for companies to take security and compliance seriously. Failing to do so not only incurs significant costs, but can have far-reaching effects on the long-term viability of the business. The team at GlobalSign is ready to help with our comprehensive identity and security solutions to protect businesses and large enterprises.