Increased support for contactless payments, digital wallets and mobile payments are making paying for things even more convenient than ever before. 2017 saw some interesting payment statistics, most notably; in the UK, debit cards have surpassed cash for the first time.
Every so often a web application comes along where a bit of customization is required in your testing strategy to test it properly. The Burp Suite proxy tool is probably one of the most used tools by penetration testers to test web applications. When a situation comes along where its normal customization menu options isn’t sufficient (e.g. using Burp Macros) we can include a custom written Burp Extension to do what we want.
P2PE (Point-to-Point-Encryption) is a standard that is quickly becoming the preferred way for acquirers and merchants to secure customer cardholder data. The industry is ramping up P2PE efforts to combat fraud. The number of payment card P2PE systems, which meet the new industry standard has passed 200 for the first time, highlighting the growing worldwide emphasis on security.
Hollywood has painted the world of hacking as a slick, complex, world of nation state attackers using undetectable, 0-day attacks against large corporate organisations. Whilst sometimes that's exactly the case, most of the time it's not like that at all. We’re seeing focused and organised criminal groups performing exploits of often very old vulnerabilities against smaller companies and merchants. Most of the entities being breached never gain media attention and small/medium sized businesses are being decimated by hackers every day.
The problem is; most of these breaches are avoidable. Regular patching and updates to Internet exposed websites would dramatically reduce the likelihood of being hacked. Yet our research confirms the bulk of ecommerce merchants are not doing this!
Many companies that host payment pages will boast of their ability to securely process payments. Whilst this may be true, it does not mean that your customers data is secure on your website. If you fail to invest in a competent cybersecurity solution, you’re leaving your customers vulnerable to fraud and your business open to a costly breach.
Increased support for contactless payments, digital wallets and mobile payments are making paying for things even more convenient than ever before. 2017 saw some interesting payment statistics, most notably; in the UK, debit cards have surpassed cash for the first time.
Every so often a web application comes along where a bit of customization is required in your testing strategy to test it properly. The Burp Suite proxy tool is probably one of the most used tools by penetration testers to test web applications. When a situation comes along where its normal customization menu options isn’t sufficient (e.g. using Burp Macros) we can include a custom written Burp Extension to do what we want.
P2PE (Point-to-Point-Encryption) is a standard that is quickly becoming the preferred way for acquirers and merchants to secure customer cardholder data. The industry is ramping up P2PE efforts to combat fraud. The number of payment card P2PE systems, which meet the new industry standard has passed 200 for the first time, highlighting the growing worldwide emphasis on security.
Hollywood has painted the world of hacking as a slick, complex, world of nation state attackers using undetectable, 0-day attacks against large corporate organisations. Whilst sometimes that's exactly the case, most of the time it's not like that at all. We’re seeing focused and organised criminal groups performing exploits of often very old vulnerabilities against smaller companies and merchants. Most of the entities being breached never gain media attention and small/medium sized businesses are being decimated by hackers every day.
The problem is; most of these breaches are avoidable. Regular patching and updates to Internet exposed websites would dramatically reduce the likelihood of being hacked. Yet our research confirms the bulk of ecommerce merchants are not doing this!
Many companies that host payment pages will boast of their ability to securely process payments. Whilst this may be true, it does not mean that your customers data is secure on your website. If you fail to invest in a competent cybersecurity solution, you’re leaving your customers vulnerable to fraud and your business open to a costly breach.
Discover
Respond
Secure
Assure
