Cybersecurity Insights

Jake Dennys

Increased card usage across the payment landscape

22/10/18 10:44

Increased support for contactless payments, digital wallets and mobile payments are making paying for things even more convenient than ever before. 2017 saw some interesting payment statistics, most notably; in the UK, debit cards have surpassed cash for the first time.

Read More
David Kirkpatrick

Testing Problematic Authorisation Tokens With Burp

05/10/18 15:36

Every so often a web application comes along where a bit of customization is required in your testing strategy to test it properly. The Burp Suite proxy tool is probably one of the most used tools by penetration testers to test web applications. When a situation comes along where its normal customization menu options isn’t sufficient (e.g. using Burp Macros) we can include a custom written Burp Extension to do what we want.

Read More
Kirsty Trainer

The payment industry is stepping up the fight against fraud with P2PE

26/09/18 13:38

P2PE (Point-to-Point-Encryption)  is a standard that is quickly becoming the preferred way for acquirers and merchants to secure customer cardholder data. The industry is ramping up P2PE efforts to combat fraud. The number of payment card P2PE systems, which meet the new industry standard has passed 200 for the first time, highlighting the growing worldwide emphasis on security.

Read More
Jake Dennys

Foregenix Live Hack taking centre stage at Mastercard Innovation Forum

25/09/18 13:38

Hollywood has painted the world of hacking as a slick, complex, world of nation state attackers using undetectable, 0-day attacks against large corporate organisations. Whilst sometimes that's exactly the case, most of the time it's not like that at all. We’re seeing focused and organised criminal groups performing exploits of often very old vulnerabilities against smaller companies and merchants. Most of the entities being breached never gain media attention and small/medium sized businesses are being decimated by hackers every day.

The problem is; most of these breaches are avoidable. Regular patching and updates to Internet exposed websites would dramatically reduce the likelihood of being hacked. Yet our research confirms the bulk of ecommerce merchants are not doing this!

Read More
Jake Dennys

Using a hosted payment page? This is why you still need to secure your website.

10/09/18 11:37

Many companies that host payment pages will boast of their ability to securely process payments. Whilst this may be true, it does not mean that your customers data is secure on your website. If you fail to invest in a competent cybersecurity solution, you’re leaving your customers vulnerable to fraud and your business open to a costly breach.

Read More
Jake Dennys

Increased card usage across the payment landscape

22/10/18 10:44

Increased support for contactless payments, digital wallets and mobile payments are making paying for things even more convenient than ever before. 2017 saw some interesting payment statistics, most notably; in the UK, debit cards have surpassed cash for the first time.

Read More
David Kirkpatrick

Testing Problematic Authorisation Tokens With Burp

05/10/18 15:36

Every so often a web application comes along where a bit of customization is required in your testing strategy to test it properly. The Burp Suite proxy tool is probably one of the most used tools by penetration testers to test web applications. When a situation comes along where its normal customization menu options isn’t sufficient (e.g. using Burp Macros) we can include a custom written Burp Extension to do what we want.

Read More
Kirsty Trainer

The payment industry is stepping up the fight against fraud with P2PE

26/09/18 13:38

P2PE (Point-to-Point-Encryption)  is a standard that is quickly becoming the preferred way for acquirers and merchants to secure customer cardholder data. The industry is ramping up P2PE efforts to combat fraud. The number of payment card P2PE systems, which meet the new industry standard has passed 200 for the first time, highlighting the growing worldwide emphasis on security.

Read More
Jake Dennys

Foregenix Live Hack taking centre stage at Mastercard Innovation Forum

25/09/18 13:38

Hollywood has painted the world of hacking as a slick, complex, world of nation state attackers using undetectable, 0-day attacks against large corporate organisations. Whilst sometimes that's exactly the case, most of the time it's not like that at all. We’re seeing focused and organised criminal groups performing exploits of often very old vulnerabilities against smaller companies and merchants. Most of the entities being breached never gain media attention and small/medium sized businesses are being decimated by hackers every day.

The problem is; most of these breaches are avoidable. Regular patching and updates to Internet exposed websites would dramatically reduce the likelihood of being hacked. Yet our research confirms the bulk of ecommerce merchants are not doing this!

Read More
Jake Dennys

Using a hosted payment page? This is why you still need to secure your website.

10/09/18 11:37

Many companies that host payment pages will boast of their ability to securely process payments. Whilst this may be true, it does not mean that your customers data is secure on your website. If you fail to invest in a competent cybersecurity solution, you’re leaving your customers vulnerable to fraud and your business open to a costly breach.

Read More