Patch It: Common Network Security Breaches

Many merchants still haven’t adequately protected their customers’ data from falling into the wrong hands, said Joe Majka, vice president at VISA USA, during his talk at the conference of the eCommerce and Catalog Systems Forum, held March 3 and 4 in New Orleans. In his work with merchants, Majka says he still finds many merchants guilty of the following:

¥ No segmentation and/or firewall installed on networks. “Thieves can get into a merchant’s system and go anywhere they want to within that data network,” Majka said.

¥ Un-patched systems and/or default configuration.”I often see merchants who haven’t changed the default password that comes with their [commerce management] systems,” said Majka. “That’s simply too dangerous.”

¥ No encryption or authentication on wireless access points.

¥ Security measures aren’t written into payment applications.

¥ Misconfigurations in remote access solutions.

During this talk, Majka showed an actual Web site put up by identity thieves. Looking like any other e-commerce site, a closer look at the content revealed that these online merchants were selling active credit card numbers in bulk. Site visitors could click on a link and actually purchase 50 or more stolen credit card numbers at once. The site has since been shut down by law-enforcement officials, and its mastermind, a Ukranian national, was arrested and convicted, Majka said.

For more fraud-control measures, visitwww.visa.com