
How Secure Are Your On-Line Payments? Brad Rand V.P. Information Technology Infrastructure Manager Information Security Officer.


1 How Secure Are Your On-Line Payments? Brad Rand V.P. Information Technology Infrastructure Manager Information Security Officer

2 How Secure Are Your On-Line Payments? Hopefully

3 How Secure Are Your On-Line Payments?
Reason: Many Open Areas Of Risk On The Internet
- Not Like Onsite “Swipe” Transactions
  - Dial up direct line and exchanges information
  - Secure Endpoints. Cannot be altered
- The Internet Consists of Stores
  - Many places to upload NPI
  - Login and Passwords for some sites
  - Retain Credit Card info / Bank Account info

4 Transaction Flow
- Begins At The Workstation
- Communicates Through The Internet
- Creates Secure Session With Transaction / Payment Processor
- User Provides Private Information For Transaction
- Confirmation Of Funds Transfer Is Sent To User

5 Data In Transit
- Very Secure
- Encrypted Data
  - Uses “keys” to ensure communication is secure
- “Man in the Middle”
  - Not easy to set up.
  - Very rarely used now with solid encryption

6 The Endpoints
- Transaction / Payment
  - Larger Hacks
  - Bigger Payoff
  - Event Makes Headlines
- End User Workstation
  - Easy To Target
  - Phishing, Email, Web Site

7 Transaction / Payment
- Transaction Processing
  - Payments can be redirected to Payment Processor
  - Hyperlink or “SandBox” application within web code
  - Could be both Transaction / Processor
  - Increases Risk / Retain NPI
  - Well Secured Environment
- Payment Processing
  - MasterCard / Visa
  - Strong Perimeter Security
  - Very Secure Transactions
  - New Advanced Technologies In Place
  - IPS (Intrusion Prevention Sensors) Updates Signatures “Real Time”

8 Local Workstation
Can Download Malware From Many Areas
- Phishing: Email sent to you appearing as a known source
  - Contains hyperlink to contaminated web site.
  - Click on the link and download the program
- Portable Media
  - USB sticks carry malware
- Browsing Web Pages
  - Ads on the sidebar
  - Redirect to compromised sites
- Contained In Email
  - Mouse Over Hyperlink To Reveal Actual Site Address
  - www.clownpages.hk/nothinghere/
  - Attachment could be .pdf / .exe / .gif
- P2P File Sharing
  - Music download / BitTorrent

9 Keystroke Loggers
- Most Common Form Of Malware
- Easy To Deploy
  - End user does the work by loading the application
- “Calls Home” When Set Up
- Sniffs All Traffic From PC Going Out To Web
  - Has search criteria (Filters)
  - Login ID / Passwords
  - 9 digit socials
  - May use a dictionary
- Records Any String Of Data Behind Keywords
  - Send back data in complete format
  - Complete report of compromised data at end of the day
- Programmable application
- Possibility Of Remote Control
  - Removes IP location restriction in “cookies”

10 What Can I Do?
- Ensure Anti Virus Is Installed
  - Auto update of definitions
  - Threat detection installed
  - IPS / not just IDS
- Use Email and Web Logic:
  - Never a “free” gift. (Too good to be true)
  - Do I know you?
  - I don’t remember applying for that?
- Change Your Passwords Frequently
- Dedicate a workstation for sensitive online transactions

11 What Can I Do?
- Keep Operating System up to date.
  - Microsoft – Upload of patching for a reason.
  - Patch Tuesday / second Tuesday of the month.
  - Remediates known vulnerabilities.
  - Set Updates to automatically update.
- Browser
  - Internet Explorer – Version 10 Begins Auto Updates
  - Firefox – Automatically Updates
  - Chrome – Automatically Updates
- Third Party Application Patching
  - Adobe Products
  - Reader / Writer / Flash

12 Goodbye Windows XP!
- Windows XP EOL / EOS
  - Yesterday – April 8th, 2014
  - No Auto Update / Reboot
  - Critical Patches Cease
  - Call In Support Terminates
- Windows 7 or 8.1
  - 7 Is Very Compatible
  - 8.1 Is Better Version Than 8.0
  - Shock Factor / “Skins” Can Be Installed

13 Other Resources
- Malwarebytes.org
  - Anti-Malware Scanning Application
  - Free Version Download
  - Auto Update When Installed
  - Very Powerful Scanning Engine
  - Reveals “Cookies” and Temp Internet Files
  - Best Of Breed In “Free” Applications

14 Other Resources
- Microsoft Removal Tools
  - http://support.microsoft.com/botnets
  - http://support.microsoft.com/security/scanner/en-us/default.aspx
- Be Careful – Creates “Best Practices” On Your PC.
  - Firewall Turns On
  - Sets Up Automatic Update For Windows
  - Enables Internet Explorer’s Privacy Settings
  - Turns On User Account Control (UAC)
  - Cleans Out Your Internet Cache and Browsing History
  - May Shut Off Other Applications
- Seek I.T. Support If Available

15 Good To Great
- Current:
  - SFA Tokens (number on display)
  - Cell Phone – SMS Texts a number to enter
  - “Sandbox” Application
  - USB / Icon
- Near Future:
  - Remote Web Server will scan your computer.
  - Detect and report malware.
  - Prevent transaction from processing.

16 Smart Phone Payments
- Is Using a Smart Phone Safe?
- Apple
  - Apps are screened for malware and viruses
- Droid
  - Apps can contain malware and viruses
  - Anti Virus available

17 Thank You!

18 Malwarebytes.org
- http://www.malwarebytes.org/
Microsoft Removal Tools:
- http://support.microsoft.com/botnets
- http://support.microsoft.com/security/scanner/en-us/default.aspx

