News

ABA advisory outlines cyberthreats targeting payments players

December 5, 2016

A new advisory from the American Bankers Association offers information and recommendations to help merchants, payments processors and others mitigate cyberexploitation tactics, techniques and procedures.

Many of these TTPs have been observed by members of the Financial Services Information Sharing and Analysis Center, the Retail Cyber Intelligence Sharing Center and the United States Secret Service — all of which collaborated on the advisory, the ABA said. The TTPs discussed in the advisory include:

• trends in attacks against terminals using older technology
• unauthorized remote access
• attacks against online merchants who use open-source shopping carts
• the exploitation of commercial application vulnerabilities
• email phishing
• unsafe web browsing carried out on computer systems used to collect, process, store or transmit customer information.

Some of the TTPs in the advisory have been reported previously, and have been included in the latest edition because attackers continue to be successful with them.

The document provides recommended security controls and provides recommendations to assist smaller merchants as they work with their vendors to implement the recommendations.

Download a PDFof the 15-page advisory.