Advisory focuses on securing merchant payment systems
JULY 8, 2015 -- An advisory focusing on methods for securing merchant card payment systems from the risks of cyber exploitation has been published by three key players in cybersecurity.
The “Securing Merchant Card Payment Systems from the Risks of Remote Access” alert and recommendations is published by the Financial Services Information Sharing and Analysis Center (FS-‐ISAC), The Retail Cyber Intelligence Sharing Center (R-‐CISC) and the United States Secret Service with the support of VISA, Inc.
Specifically, the advisory provides information on and recommendations for possible mitigation of common cyber exploitation tactics, techniques and procedures (TTPs) against retailers. According to the advisory, the TTPs have been “consistently and successfully leveraged by attackers in the past year.”
The TTPs discussed in the advisory include:
• Unauthorized access via remote access;
• Exploiting commercial application vulnerabilities;
• Email phishing;
• Unsafe web browsing from computer systems used to collect, process, store or transmit customer information.