According to FELABAN, from 2018 to this year there have been attacks focused mostly on financial institutions, payment applications, processors, local payment networks, and even large payment gateways around the world. Attacks oriented toward intrusion and data theft can be mitigated through a culture of security and awareness around carrying out periodic reviews. Beyond compliance with audit schemes, adopting a method of continuous monitoring and optimizing and reinforcing hardening methodologies are important elements when it comes to preventing attacks and protecting your business.
A key factor is keeping servers up to date with the latest components and security enhancements published by vendors, since failing to apply them leaves vulnerabilities uncovered, which would lead to serious risks. According to the latest version of PCI DSS (Payment Card Industry Data Security Standard), the security standard for payment applications, developing and maintaining secure systems and applications is a fundamental requirement. That is, companies must ensure that components are installed in accordance with manufacturer recommendations, ideally within one month or up to three months after publication, as this action in mission-critical systems greatly mitigates the risk of breach.
For systems and servers, good practices that facilitate compliance with this requirement are periodic patching and the maintenance and updating of operating systems and firmware. On IBM i platforms, it is very important to request the latest components from your vendor through Fix Central and to make sure you request firmware updates, as the latter are usually not included in the update package. As for the Hardware Management Console (HMC), you should be aware that the firmware is managed by this module and that it is necessary to have special updated components (SF99730 and SF99731).
At CLAI PAYMENTS® we support our customers in strengthening the security of their platform and in developing a methodology of periodic reviews that makes it possible to proactively identify possible vulnerabilities in their payment platform.
For more information, please leave us your details and a specialist will contact you shortly.