Foregenix

Shared publicly  - 
 
eCommerce - SECURITY & PCI Compliance

This article is for eCommerce businesses looking at which Self Assessment Questionnaire to complete to validate their PCI DSS Compliance.

SAQ A or SAQ A-EP.

The underlying message is that, regardless of which questionnaire you have to answer, the key is to ensure your website is secure - BECAUSE - even if you have the most secure payment service provider processing your website transactions, if your website is insecure, your customer data can easily be stolen.

In this article we also provide you with the questions you need to be asking regarding the security status of your website.

Read more for clarity on SAQ A, SAQ A-EP and website security.

http://blog.foregenix.com/saq-a-saq-a-ep-pci-compliance-and-security-for-ecommerce-businesses

#ecommerce #PCIDSS #SAQA #SAQA-EP

Simplifying SAQ A and SAQ A-EP for eCommerce businesses. If you want to have secure payments, you need to secure your website.

Foregenix

Discussion  - 
 
Alert: Major UK Payment Service Provider iFrame Breach

The Foregenix Digital Forensics and Incident Response Team recently reported a man-in-the-middle attack that we had seen executed against an iFrame redirected payment method. The attack specifically targeted the iFrame of a popular UK payment service provider. We have received numerous requests for more detailed information around how the attack was orchestrated – principally as outsourced payment models were considered largely secure – and in that light we present the details of how the attack was accomplished.

The Misinformation about iFrames and Hosted Payment Pages

eCommerce businesses have been advised to implement hosted payment pages from their payment service provider, or utilise a redirect payment via iFrame. In so doing they are considered significantly more secure than alternatives, warranting a reduced PCI DSS validation questionnaire. The message reaching much of the market is that if you use one of these proposed payment options on your website, you don't need to worry about security.

This is NOT correct.

An insecure website can have payment data compromised, regardless of whether it uses a hosted payment page or an iFrame redirected payment page. Visa issued an alert in 2010 on this issue.

Read on our blog how a well-known eCommerce business in the UK, utilising the payments iFrame of one of the UK's well-known and respected Payment Service Providers, was compromised and lost a significant volume of payment card data.

http://blog.foregenix.com/paymentserviceprovider-iframe-breach

#malware  

Foregenix

Discussion  - 
 
Outsourced eCommerce Payments Targeted by Malware

Whether your eCommerce business uses SagePay, WorldPay, Verifone, Adyen, Ingenico, Ogone, Stripe, or in fact, any other payment processor's outsourced payment acceptance model, this malware will still be able to steal your customer data - if your website is insecure.

Unfortunately, a lot of online businesses believe that because they have bought an outsourced payment solution from their payment service provider, they are secure.

This is incorrect - if the website is not secure, then regardless of who is processing the payment, the payment data can be stolen.

Read more on the Foregenix Blog:
http://blog.foregenix.com/magento-malware-alert-malicious-client-side-javascript

#malware   #magento   #ecommerce  

Foregenix

Shared publicly  - 
 
How safe are iFrame and Redirect payment models? They reduce #PCIDSS scope, but recent cases within our Forensic Team show that they aren't always as secure as they should be.
Major UK Payment Service Provider iFrame Man-In-The-Middle Breach affects a high growth UK online business.
Story
Tagline
Security Specialists - focus on Forensics, PCI Compliance and protective security solution development.
Introduction
Foregenix is an independent, specialised information security business, headquartered in the United Kingdom, with regional offices in South Africa, Argentina and Uruguay - our clients range geographically from Russia to Argentina and many countries in between.  

We specialise in the following areas:
Our solutions are designed to simplify and improve security for businesses:


We're passionate about security and securing our clients!
Contact Information
Contact info
Phone
+44 845 309 6232
Email
Address
First Floor, 8-9 High Street, Marlborough, Wiltshire, SN8 1AA, United Kingdom