What is Malware?
Many people assume that malware is what an attacker uses to break into a computer system. That is only part of the picture. On payment systems, malware is commonly the tool installed after the system has already been compromised, to harvest data from it: the attacker gets in first, installs the malware, and the malware collects cardholder data and sends it out. Malware can also be the way in, for example a malicious email attachment or a worm that exploits an unpatched service, so it cannot be treated as a purely post-compromise problem.
When a system is compromised, attackers typically get in through a security misconfiguration (an exposed remote-access service, for instance) or by exploiting a security bug in an application installed on the system. This is why it's important to stay current on security updates and patches for all software that you run on your system.
Malware comes in several forms:
- It can be installed on a payment server to collect cardholder data as transactions are processed
- It can be run as a piece of software that crawls the files on a system to detect, locate, and steal stored cardholder data
- It can log keystrokes from a computer keyboard or a point-of-sale register and capture account numbers as they are typed
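The second item above, a crawler that locates cardholder data in files, works by finding digit runs of card-number length and then applying the Luhn check that all card brands use, which discards most random digit strings. The same technique is what a merchant uses defensively to find out where unprotected card numbers are sitting on their own systems. The following Python is an added example written for this page, not code from the original article or from Novera; the file names, sample text, and the `SAMPLE_RECORDS` dictionary are constructed and the two card numbers in it are the standard published test numbers, not real cardholder data.

```python
import os
import re
from typing import Dict, List, Tuple

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or
# dashes, and not embedded inside a longer run of digits.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check; every second digit from the right is doubled."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> List[str]:
    """Return the Luhn-valid card numbers found in text, separators stripped."""
    pans = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            pans.append(digits)
    return pans


def mask_pan(pan: str) -> str:
    """Show only the first six and last four digits, as PCI DSS masking allows."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_records(records: Dict[str, str]) -> List[Tuple[str, str]]:
    """Scan {name: text} and report (name, masked PAN) for every hit."""
    hits = []
    for name, text in records.items():
        for pan in find_pans(text):
            hits.append((name, mask_pan(pan)))
    return hits


def scan_directory(root: str) -> List[Tuple[str, str]]:
    """Walk a directory tree and scan each file as text; undecodable bytes are skipped."""
    records = {}
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                records[os.path.relpath(path, root)] = fh.read()
    return scan_records(records)


# Constructed sample data (hypothetical file names and contents). The first two
# numbers are the standard Visa/Mastercard test PANs; the third fails Luhn, and
# the 20-digit ticket number is too long to be a card number.
SAMPLE_RECORDS = {
    "orders/2024-03-01.log": "order 8812 card 4111 1111 1111 1111 approved\n",
    "tmp/export.csv": "smith,5555555555554444,2027-01\njones,4111111111111112,2026-05\n",
    "notes.txt": "support phone 1-800-555-0199, ticket 12345678901234567890\n",
}

if __name__ == "__main__":
    for name, masked in scan_records(SAMPLE_RECORDS):
        print(f"{name}: {masked}")
```

Run against a real directory with `scan_directory("/path/to/share")`. The scanner reports masked numbers only, so its own output does not become another place where full card numbers are stored. A real crawler of this kind also looks inside archives and process memory, which is outside this example.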
Several kinds of tools can prevent or detect malware, including local anti-virus and anti-malware programs, file integrity monitoring (FIM), and outbound internet filtering.
File integrity monitoring tools do just that: they record a baseline (typically a cryptographic hash) of the sensitive files and configuration on a system and periodically compare the current state against it. An unexpected change, such as a modified payment page or a new executable in a system directory, can signify a breach or a malware install, and action can be taken immediately. The baseline itself should be kept where the monitored system cannot rewrite it; otherwise malware that gains administrative access can simply update the baseline to match its changes.
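A minimal file integrity monitor is a hash baseline plus a comparison. The following Python is an added example for this page, not the article's or any vendor's FIM product; the directory layout and file contents in its demo are constructed, and in practice the baseline file would be written to a location the monitored host cannot modify.

```python
import hashlib
import json
import os
from typing import Dict, List


def digest_bytes(data: bytes) -> str:
    """SHA-256 hex digest of an in-memory byte string."""
    return hashlib.sha256(data).hexdigest()


def file_sha256(path: str, chunk_size: int = 1 << 16) -> str:
    """Hash a file in chunks so large files never have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: str) -> Dict[str, str]:
    """Map every regular file under root (relative path) to its SHA-256."""
    baseline = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()                       # deterministic walk order
        for fn in sorted(filenames):
            path = os.path.join(dirpath, fn)
            if os.path.islink(path) or not os.path.isfile(path):
                continue                      # skip symlinks, sockets, devices
            baseline[os.path.relpath(path, root)] = file_sha256(path)
    return baseline


def compare_baseline(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Report files that appeared, disappeared, or changed since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
    }


def save_baseline(baseline: Dict[str, str], path: str) -> None:
    with open(path, "w") as fh:
        json.dump(baseline, fh, indent=2, sort_keys=True)


def load_baseline(path: str) -> Dict[str, str]:
    with open(path) as fh:
        return json.load(fh)


if __name__ == "__main__":
    import tempfile
    # Constructed demo: take a baseline, then tamper with one file and drop another.
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "cgi-bin"))
        with open(os.path.join(root, "checkout.php"), "w") as fh:
            fh.write("<?php // constructed sample file\n")
        baseline = build_baseline(root)
        with open(os.path.join(root, "checkout.php"), "a") as fh:
            fh.write("<?php /* appended after baseline */\n")
        with open(os.path.join(root, "cgi-bin", "x.php"), "w") as fh:
            fh.write("dropped after baseline\n")
        print(json.dumps(compare_baseline(baseline, build_baseline(root)), indent=2))
```

Schedule `build_baseline` and `compare_baseline` from a job that runs with read-only access to the monitored tree, and treat any entry in `added` or `modified` under a payment application's web root or a system directory as an alert, not a log line. The demo output lists `checkout.php` as modified and `cgi-bin/x.php` as added.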
Outbound internet filtering uses firewalls and proxies to control traffic between a system and the Internet. Merchants use it to restrict outbound access to authorized destinations only (the payment gateway, update servers, and little else), which also limits where malware on a compromised system can send stolen data. Denied connection attempts in the firewall or proxy logs are worth reviewing, since they are often the first visible sign of malware trying to call home.
Anti-virus and anti-malware programs scan the local system for suspicious downloads, trojans, and other malware that may have been placed on it. It is important to have these tools installed on every system and to update virus definitions daily. Signature-based scanners only catch what they already know about, which is why FIM and outbound filtering are needed alongside them.
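An outbound allowlist is only as good as its matching rule. The following Python is an added example for this page, not code from the article or from any firewall or proxy product: it evaluates constructed proxy log lines against a constructed allowlist and reports egress to destinations that are not authorized. The hostnames, IP addresses, and the log line format (`time src_ip dst_host dst_port bytes_sent`) are all assumptions made for the example.

```python
import re
from typing import Iterable, List, Set, Tuple

# Constructed allowlist with placeholder hostnames, not real endpoints.
ALLOWLIST: Set[str] = {
    "gateway.example-processor.net",   # payment gateway
    "*.updates.example.net",           # OS patch servers (any subdomain)
    "av-updates.example.com",          # anti-virus definition updates
}


def normalize_host(host: str) -> str:
    """Lowercase and strip a trailing dot so 'GATEWAY.x.net.' matches 'gateway.x.net'."""
    return host.strip().rstrip(".").lower()


def host_allowed(host: str, allowlist: Set[str]) -> bool:
    """True if host matches an allowlist entry exactly or as a '*.' subdomain."""
    host = normalize_host(host)
    for entry in allowlist:
        entry = normalize_host(entry)
        if entry.startswith("*."):
            base = entry[2:]
            # Match the base domain and its subdomains only. A bare
            # host.endswith(base) would also accept "updates.example.net.evil.example".
            if host == base or host.endswith("." + base):
                return True
        elif host == entry:
            return True
    return False


# Constructed log line format: time src_ip dst_host dst_port bytes_sent
LOG_LINE = re.compile(r"^(\S+) (\S+) (\S+) (\d+) (\d+)$")


def unauthorized_egress(lines: Iterable[str], allowlist: Set[str]) -> List[Tuple[str, str, int]]:
    """Return (src_ip, dst_host, bytes_sent) for every line whose destination is not allowed."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue                      # ignore malformed lines
        _ts, src, host, _port, sent = m.groups()
        if not host_allowed(host, allowlist):
            hits.append((src, host, int(sent)))
    return hits


# Constructed sample log; the third line is a lookalike domain, the fourth a
# large upload straight to an IP address.
SAMPLE_LOG = [
    "2024-03-01T02:14:07Z 10.0.1.15 gateway.example-processor.net 443 5120",
    "2024-03-01T02:15:11Z 10.0.1.15 download.updates.example.net 443 88000",
    "2024-03-01T02:16:30Z 10.0.1.22 updates.example.net.evil.example 443 40960",
    "2024-03-01T02:17:45Z 10.0.1.22 203.0.113.7 8080 1048576",
    "malformed line",
]

if __name__ == "__main__":
    for src, host, sent in unauthorized_egress(SAMPLE_LOG, ALLOWLIST):
        print(f"UNAUTHORIZED {src} -> {host} ({sent} bytes)")
```

The same matching logic belongs in the enforcing proxy, not just in a log review: the lookalike domain in the sample is exactly what a naive suffix match lets through. Firewalls that filter by IP address rather than hostname need the gateway's and update servers' addresses resolved and reviewed when they change.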
How PCI Compliance Fits In
Merchants who are PCI Compliant have layered security controls to prevent, detect, and react to breaches. PCI Compliance is not optional for merchants ... it's a requirement for every business that accepts credit cards. Failure to meet the requirements can be catastrophic for business owners if they ever fall victim to a breach of their systems.
The standards are set by the PCI Security Standards Council. The council is an open global forum, launched in 2006, responsible for the development, management, education, and awareness of the PCI Security Standards, including the Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS), and PIN Transaction Security (PTS) requirements.
Their website is extensive and has more information than you could ever want about becoming PCI Compliant and staying that way. The full PCI requirements are detailed and outlined here: https://www.pcisecuritystandards.org/
Granted, most merchants who read through these requirements have their eyes crossed within minutes. It can be complicated, but it's essential that you don't ignore it.
At Novera Payment Solutions we work hard to take the headache out of PCI Compliance for you. Give us a call ... not only will we save you money over your current credit card processing solution with our flat-fee merchant account, but we will guide you through the PCI Compliance maze and make it simple to get up and running!