Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

Credit card payments may not be as secure as you'd like

Image Description

Chip-based credit and debit cards are perceived as being very good at fending off skimming attempts and malware attacks. Being able to use your card by tapping it appears to be better than swiping it along the magnetic strip on a point of sale (POS) terminal. But rising numbers of malware attacks on merchants in the US suggest there are weaknesses whichever method you use.

Criminals are exploiting the built-in technology centered around the EMV, the technology originally developed by the three major card suppliers; Europay, Mastercard and Visa. Encryption methods used in EMVs has long been seen as a more secure way of keeping data safe, especially compared to cards armed with just a magnetic stripe.

However, because not all outlets in the US have chip card readers, or due to the possibility of malfunctioning hardware, cards also still carry the magnetic stripe that can be used during transactions. This dual-functionality could be leaving merchants open to ‘shimming’ attacks, which can occur when a series of system cross-checks are being made during a transaction. These include checking the three-digit security code printed on the back of a card.

While all chip-based cards carry much the same data as the magnetic stripe, there are key differences between them. Central to this is a component called an iCVV, or integrated circuit card verification vale. This so-called dynamic CVV found on an EMV chip is different from the regular CVV on a magnetic stripe and helps protect against the magnetic stripe data from being used to create fake magnetic stripe cards.

Magnetic stripe cards

Security issues can also arise if financial institutions haven’t set up their back-end systems as well as they could have. 

Researchers at Cyber R&D Labs recently published a report illustrating how they tested 11 chip card setups from 10 different European and US banks. The results showed that it was possible to harvest data from four, resulting in the ability to produce working magnetic stripe cards that could be used for transactions. 

Indications suggest that point of sale (POS) malware is being used by criminals to capture EMV transaction data. This is then being resold on the Dark Web allowing thieves to produce magnetic stripe variants of chip-based cards.

Visa also recently released a security alert highlighting the issue of compromised EMV chip-enabled POS terminals. Malware variants included Alina POS, Dexter POS and TinyLoader. The alert issued a series of recommendations for merchants to follow in order to reduce the risk of exposure.

Date

03 Aug 2020

Sources


Share


Other Blog

  • You may not be able to get hold of a new Chromebook any time soon

    Rise of remote working and elearning has resulted in a serious laptop shortage.

    Read More
  • Most businesses expect cybersecurity threats to increase over the next year

    Today’s business landscape is creating an environment in which cybercrimes can thrive, and this threat is only set to increase, a new study has found.

    Polling 3,600 business and technology executives from around the world for the report, PwC found multiple factors contributing to the rising threat of cybercrime, including lower barrier for entry for numerous types of malware attacks, rising complexity of organizations due to mergers and acquisitions, remote working, or multi-vendor environments, to name but a few.

    As a result, two-thirds (66%) of UK business leaders believe the cybercrime threat will only increase, going forward, mostly fearing ransomware attacks, business email compromise, and viruses delivered via software updates.

    Challenges

    For Bobbie Ramsden-Knowles, Crisis and Resilience Partner, PwC UK, there are things businesses can do, especially when it comes to ransomware:

    “Whereas other types of crises may be perceived as 'black swan' events that can not be predicted, ransomware attacks have become so widespread that we have seen a common set of challenges and decisions that all organizations would face,” he said. 

    “Developing - and aligning - ransomware playbooks for executive crisis teams and operational responders is a no-regrets move. And, testing these through wargames and exercises can reduce uncertainty, build confidence in the ability to respond and help prioritise focus on preventative measures.”

    Rising complexity in business operations is only rubbing salt in an already open wound. Growth, mergers, and acquisitions, as well as rapid adoption of new technologies and endpoints, have made security difficult, with 86% of business leaders stating the levels of risk are “concerning”. 

    Attacking clouds

    The majority (64%) expect more attacks against their cloud infrastructure, it was said, yet less than half understand cloud risks, based on formal assessments. Supply chain risk is no different - most firms expect more breaches through this attack vector, yet just 42% have formally assessed their exposure.

    To combat the threat, most firms are upping their security budgets for the coming year. However, simply throwing money at a problem does not mean it will go away. Richard Horne, Cyber Security Chair, PwC UK said businesses need to ensure the best possible ROI.

    “Our research found that few organizations are confident they are reaping the rewards from increased spending. For example, while 37% of UK respondents said they had implemented cloud security at scale, just 18% are fully realizing the benefits of their investment. The remainder either weren’t investing in this area or hadn’t yet implemented it at scale.

    “To overcome this challenge and build greater confidence in their security investments, organizations must improve their cyber risk modeling and analysis. This ensures increases in cyber budgets are allocated to priority risks and help build long-term resilience,” he concluded.

    Read More
  • Microsoft Teams vs Google Meet: Which video conferencing service is best?

    Microsoft and Google are two of the biggest technology companies around - so it’s hardly surprising that both have entered the video conferencing space. Microsoft Teams is the offering from the Redmond-based firm, while Google Meet is the solution developed by the firm originally known for its search engine services. 

    Not too long ago, the communication and collaboration field was a more gentle environment, one in which many different services could happily co-exist. However, since the Covid-19 pandemic made face-to-face interaction more challenging, more and more organizations have been forced to rely on digital solutions. As such, competition between services has ramped up significantly. 

    The good news is that both Microsoft Teams and Google Meet represent good examples within the video conferencing field. However, with their respective developers adding new features all the time, this is a dynamic ecosystem. For businesses and individuals looking to weigh up the respective merits of each solution, there are many things to consider.

    In the following guide, we’ve collected all the information you need to decide whether Microsoft Teams or Google Meet is right for your business, comparing plans and pricing, features, security, and more.

    Plans and pricing

    Both Microsoft Teams and Google Meet are pretty generous when it comes to their free plans. Both allow you to use basic versions of each platform for an unlimited time and that will probably be sufficient for individuals that simply want to video call friends or family from time or time, or even sole traders that have infrequent video conferences. 

    For larger companies, however, the limitations that are built into the free versions of both Teams and Meet may feel a little restrictive. For example, the free version of both platforms only allows for up to 100 participants in a meeting at any one time. While this may sound like a lot, it basically rules out company-wide meetings for medium and larger organizations. 

    Teams

    Microsoft Teams' pricing structure is tied into the company's Microsoft 365 plans. Microsoft 365 Business Basic, for example, is priced at $5.00/£3.80/AU$6.90 per user per month and comes with 1TB of OneDrive storage as well as access to Teams. Microsoft 365 Business Standard, meanwhile, is priced at $12.50/£9.40/AU$17.20 per user per month and also comes with desktop versions of Word, Excel, and PowerPoint. While Microsoft 365 Premium adds additional features for $20.00/£15.10/AU$27.50 per user per month. 

    In particular, the ability to add up to 10,000 participants to a meeting with Microsoft 365 Premium is likely to appeal to large enterprises. However, even Microsoft 365 Business Basic increases the time limit from 60 minutes to 24 hours, which saves firms from the embarrassment of having to abruptly finish a call because they are using the free version.

    Google Meet

    Similar to Microsoft Teams, Google Meet is only offered for free as a standalone version but users can opt to pay for Google Workspace, which will provide additional Meet functionality and grant access to other Google tools. 

    Google Workspace Standard costs $6 per user per month and increases the number of licences that businesses can use to 300. Google Workspace Standard, meanwhile, costs $12 per user per month and raises the allowed number of meeting participants from 100 to 150, while Google Workspace Plus, which costs $18 per user per month, takes this figure up to 250. The Enterprise version is priced on a bespoke basis, but adds noise cancelling features and enhanced support.

    Features

    For any business choosing to pay for Microsoft 365 or Google Workspace packages, the most useful feature will certainly be integration with other applications. In terms of core features, however, there isn’t much to separate Meet and Teams. 

    Some of Google Meet’s features include an audio and video preview screen, screen sharing, meeting host controls, and live captioning during meetings. In addition, users can access customizable backgrounds and connection quality adjustments that leverage AI capabilities. 

    Microsoft Teams features, on the other hand, also include screen sharing and customizable backgrounds, but the option of more than 250 app integrations probably means that most businesses will get more from using Teams than they would Google Meet. It just seems to offer more collaboration potential. 

    Security

    For paid users, Google Meets offers complex meeting IDs that add extra protection against brute-force hacking attempts. Teams, meanwhile, offers fantastic security for businesses to employ internally. For example, team owners have a granular level of control, where they can act as administrators and restrict the actions of other users. Considering most data leaks occur because of the actions of internal staff, this feature is a welcome addition. 

    Support

    While Microsoft Teams and Google Meet both offer all the usual channels for customer support, there are a couple of small differences. Teams certainly has a great community of support around it, mainly comprising other users who are happy to lend a helping hand whenever you encounter issues. Conversely, Meet offers video tutorials and a free online course for users. If you prefer to self-learn, this is a great advantage of Google Meet. 

    Verdict

    Deciding whether Google Meet or Microsoft Teams is your best bet will likely depend on the size of your organization. If you’re a sole trader or small business, the simplicity of Google Meet will be difficult to improve upon. However, if you’re a larger company in need of more advanced collaboration features, or you already extensively use Microsoft 365, you’ll be better off going with Microsoft Teams.

    Read More
  • Microsoft Teams is doubling down on this seriously underrated feature

    Microsoft wants to breathe life back into Teams meetings by bringing all attendees into the conversation.

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us