Cybersecurity Insights

Richard Jones

Help, I may be victim of a data compromise. What to do next?

04/02/15 09:30

There is little doubt that many retailers are visited on a daily basis by ‘customers’ whose intention it is to steal rather than pay for the goods on show. Physical security has evolved to make their criminal intentions that much more difficult to put into practice. CCTV, store detectives, security tags are some of the more obvious controls that help retailers to avoid ‘shrinkage’ as it is known in the trade. I am sure there are other tools and techniques that go unseen, however it is proof if ever it were needed that those with criminal intent are in our midst.

Although far less obvious, the same is true in our interconnected world.  Systems are regularly being ‘attacked’, the bad guys are regularly visiting your store; however as in a physical store, the key is ensuring that they leave empty handed.

If they leave with sensitive data - in this case credit card numbers - then you have had a data compromise.

e259b111-d3c6-4d8f-b50d-83af7d21f2c6-620x372

 

Your Business is a Target 

Every year large numbers of merchants become victims of compromises and invariably end up with a large bill to clear up the mess. Indeed for some small merchants it can spell the end of their business.  

That said, this need not be the case.

Being aware of the risks goes a long way to helping you avoid becoming the victim of a card data compromise. And even if it does occur there are ways of making the situation a lot less painful.

Foregenix is a specialist PCI Forensic Investigator and gains first-hand insight into the situations that expose organisations to avoidable risk. And before you ask, it’s not just something of concern to those selling their goods and services online. More and more customer facing merchants are succumbing to criminal intent within their own workforce and the 3rd parties that they trust to support them. 

The key to successfully defending any business is to spot the attacks before they can do damage. Just like the store detective, the skill is being able to spot suspicious behaviour, anomalies in the way things normally work that should alert you of the fact that things are not quite as they should be!

Foregenix specialises in solutions that can spot evidence of ‘tampering’, actions that are going on unseen, actions that are often the precursor to a compromise.  Both for the Web and in-store enviornments - see Foregenix Security Essentials for more information.

As things stand most small merchants are not equipped with the cyber equivalent of the ‘store detective’ and as such the first you will know about a suspected compromise is when you receive a disconcerting call from your acquiring bank.  What’s generally even more concerning is that you are likely to have succumbed to criminal intent and that the said intruder has been lurking in your systems for many months! The extent of the compromise is therefore largely unknown, which is why such incidents can prove catastrophic for small businesses.  

Quite what your liability is, will be down to your acquiring bank, however it is a clear reminder of the need to retain PCI DSS compliance in line with that required for the payment channels you use.

"You've Been Compromised"

Let’s imagine you have received ‘that call’ from your acquirer. You are effectively entering uncharted territory. You will almost certainly be required to engaged with a PCI Forensic Investigator (PFI) - of which there are relatively few - to carry out a forensic investigation. Any delay at this stage could mean you remain exposed to more fraud.  That said, faced with large proposals for PFI services, it is understandable why many small merchants consider they are ‘stuck between a rock and a hard place’.   

If you have ever tried to get a plumber out on Christmas Day you will appreciate that recruiting help sometimes comes at a premium!  Clearly plumbers come at a price, however you are unlikely to demand their presence on that particular day were it something that could wait!  And so it is with a PFI.  Once you have secured the resource, you then have to factor in the amount of time it will take to complete the investigation. What slows down the investigation and often serves to rack up the costs is the logistics associated with evidence collection. Simply getting to your location, capturing the data and returning to the lab for investigation is time consuming and thereby adds considerably to the cost of the engagement.

Once collected, an initial assessment will seek to establish the extent of the compromise, why it happened in the first place which can in turn indicate that you could be ‘bleeding’ elsewhere. Consider this as a sort of diagnosis exercise that must be completed quickly before actually delivering the cure.

In an attempt to speed up the process and reduce your exposure to further card compromise, Foregenix has launched its ‘First Responder Service’ (for more infor on how Foregenix is changing the PCI Forensic Investigation approach see our recent blog article - /the-paradigm-shift-in-pci-forensic-investigations).

The First Responder Service service has been expressly designed to benefit organisations who are required to initiate PFI investigations at the request of their acquiring bank. Remote deployment of our specialist tools, facilitates rapid, secure evidence collection, which in turn usually provide a swift prognosis of the cause and effect of a suspected compromise. What’s more the tools can be used to neutralise the criminals, cap the flow of card data at the compromised location whilst being proactively deployed to other locations to deliver the same benefits.

Contact Foregenix if you think you may have suffered a compromise and more importantly talk to us about how the same tools can be proactively deployed to prevent this sort of thing happening in the first place !!    

Contact Us      

TRENDING POSTS

David Kirkpatrick
Penetration Testing: The Quest For Fully UnDetectable Malware

Malware continues to be one of the main attack vectors used by criminals to compromise user and ...

Read More