Visa Security Alert: Insecure Remote Access and User Credential Management
By SBE Council at 14 July, 2014, 3:46 pm
Visa has recently observed an increase in malicious remote access activity associated with unauthorized access to merchant Point-of-Sale (POS) environments and ultimately, payment card data. These attacks are suspected to have occurred as a result of compromised username/login credentials combined with remote management software exposed to the Internet
Visa has highlighted these security issues in a data security alert, which can be accessed here. This publication outlines the common remote access vulnerabilities and provides security practices to mitigate these risks. This data security alert may be disseminated to all payment system stakeholders. The alert can also be found at the Visa Data Security website at www.visa.com/cisp.