Presentation is loading. Please wait.

Presentation is loading. Please wait.

How Secure Are Your On-Line Payments? Brad Rand V.P. Information Technology Infrastructure Manager Information Security Officer.

Similar presentations


Presentation on theme: "How Secure Are Your On-Line Payments? Brad Rand V.P. Information Technology Infrastructure Manager Information Security Officer."— Presentation transcript:

1 How Secure Are Your On-Line Payments? Brad Rand V.P. Information Technology Infrastructure Manager Information Security Officer

2 How Secure Are Your On-Line Payments? Hopefully

3 How Secure Are Your On-Line Payments? Reason: Many Open Areas Of Risk On The Internet Not Like Onsite “Swipe” Transactions Dial up direct line and exchanges information Secure Endpoints. Cannot be altered The Internet Consists of Stores Many places to upload NPI Login and Passwords for some sites Retain Credit Card info / Bank Account info

4 Transaction Flow Begins At The Workstation Communicates Through The Internet Creates Secure Session With Transaction / Payment Processor User Provides Private Information For Transaction Confirmation Of Funds Transfer Is Sent To User

5 Data In Transit Very Secure Encrypted Data Uses “keys” to ensure communication is secure “Man in the Middle” Not easy to set up. Very rarely used now with solid encryption

6 The Endpoints Transaction / Payment Larger Hacks Bigger Payoff Event Makes Headlines End User Workstation Easy To Target Phishing, , Web Site

7 Transaction / Payment Transaction Processing Payments can be redirected to Payment Processor Hyperlink or “SandBox” application within web code Could be both Transaction / Processor Increases Risk / Retain NPI Well Secured Environment Payment Processing MasterCard / Visa Strong Perimeter Security Very Secure Transactions New Advanced Technologies In Place IPS (Intrusion Prevention Sensors) Updates Signatures “Real Time”

8 Local Workstation Can Download Malware From Many Areas Phishing: sent to you appearing as a known source Contains hyperlink to contaminated web site. Click on the link and download the program Portable Media USB sticks carry malware Browsing Web Pages Ads on the sidebar Redirect to compromised sites Contained In Mouse Over Hyperlink To Reveal Actual Site Address Attachment could be.pdf /.exe /.gif P2P File Sharing Music download / Bit Torrent

9 Keystroke Loggers Most Common Form Of Malware Easy To Deploy End user does the work by loading the application “Calls Home” When Set Up Sniffs All Traffic From PC Going Out To Web Has search criteria (Filters) Login ID / Passwords 9 digit socials May use a dictionary Records Any String Of Data Behind Keywords Send back data in complete format Complete report of compromised data at end of the day Programmable application Possibility Of Remote Control Removes IP location restriction in “cookies”

10 What Can I Do? Ensure Anti Virus Is Installed Auto update of definitions Threat detection installed IPS / not just IDS Use and Web Logic: Never a “free” gift. (Too good to be true) Do I know you? I don’t remember applying for that? Change Your Passwords Frequently Dedicate a workstation for sensitive online transactions

11 What Can I Do? Keep Operating System up to date. Microsoft – Upload of patching for a reason. Patch Tuesday / second Tuesday of the month. Remediates known vulnerabilities. Set Updates to automatically update. Browser Internet Explorer – Version 10 Begins Auto Updates FireFox – Automatically Updates Chrome – Automatically Updates Third Party Application Patching Adobe Products Reader / Writer / Flash

12 Goodbye Windows XP! Windows XP EOL / EOS Yesterday – April 8 th, 2014 No Auto Update / Reboot Critical Patches Cease Call In Support Terminates Windows 7 or Is Very Compatible 8.1 Is Better Version Than 8.0 Shock Factor / “Skins” Can Be Installed

13 Other Resources Malwarebytes.org Anti-Malware Scanning Application Free Version Download Auto Update When Installed Very Powerful Scanning Engine Reveals “Cookies” and Temp Internet Files Best Of Breed In “Free” Applications

14 Other Resources Microsoft Removal Tools Be Careful – Creates “Best Practices” On Your PC. Firewall Turns On Sets Up Automatic Update For Windows Enables Internet Explorer’s Privacy Settings Turns On User Account Control (UAC) Cleans Out Your Internet Cache and Browsing History May Shut Off Other Applications Seek I.T. Support If Available

15 Good Too Great Current: SFA Tokens (number on display) Cell Phone – SMS Texts a number to enter “Sandbox” Application USB / Icon Near Future: Remote Web Server will scan your computer. Detect and report malware. Prevent transaction from processing.

16 Smart Phone Payments Is Using a Smart Phone Safe? Apple Apps are screened for malware and viruses Droid Apps can contain malware and viruses Anti Virus available

17 Thank You!

18 Malwarebytes.org Microsoft Removal Tools:


Download ppt "How Secure Are Your On-Line Payments? Brad Rand V.P. Information Technology Infrastructure Manager Information Security Officer."

Similar presentations


Ads by Google