The recent rash of data security breaches stemming from insecure remote access and user credential management issues has prompted Visa to issue a Data Security Alert to all merchants and the acquirers who serve them.
Here is the statement from Visa’s email, which ControlScan received today:
Visa has recently observed an increase in malicious remote access activity associated with unauthorized access to merchant Point-of-Sale (POS) environments and ultimately, payment card data. These attacks are suspected to have occurred as a result of compromised username/login credentials combined with remote management software exposed to the Internet.
Visa has highlighted these security issues in the attached data security alert. This publication outlines the common remote access vulnerabilities and provides security practices to mitigate these risks. This data security alert may be disseminated to all payment system stakeholders. The alert can also be found at the Visa Data Security website at www.visa.com/cisp.
Click here to directly access today’s important Visa Data Security Alert.