WASHINGTON (7/13/15)--Securing merchant card payment systems from the risks of remote access attacks is the subject of a new Financial Services Information Sharing and Analysis Center (FS-ISAC) advisory.
The advisory was prepared in collaboration with the Retail Cyber Intelligence Sharing Center, the U.S. Secret Service and with the support of Visa Inc.
According to the bulletin, many retailers purchase a card payment processing system customized to their industry. The providers of these systems have methods to remotely access these systems to provide support and updates.
Those systems have been successfully exploited in the past, leading to the need for a multifactor authentication for remote access. The bulletin says that “too often, this added layer of security is not configured in remote access platforms, making it a common target in past data breaches."
The bulletin contains a number of recommendations to help mitigate risk and limit the success of attacks and their impacts, including: