Involve employees and limit access

• Get everyone on the same page. Review data security practices to ensure employees protect sensitive data.
• Limit who has remote access to your systems. Only provide remote access to those whose job requires it. Do not share remote access credentials. Ensure everyone has a unique username and password.     
• Do not allow guest accounts. Guest accounts allow anonymous computer and system access. Disabling these accounts protects against unauthorized users.
• Limit login attempts. Set your remote access to lock out a user after three failed login attempts, and ensure administrators are able to unlock authenticated accounts.
• Minimize third-party vendors’ access and monitor it regularly. This can be accomplished by a second authentication factor that requires the third-party to telephone the site and speak with an authorized manager who knows the vendor. The on-site manager may then authorize a temporary access controlled remote session for the vendor. When a vendor’s work is complete, the on-site manager should perform a due diligence check and terminate remote access.
  

Strengthen systems

• Keep firewalls updated. This helps ensure inbound firewall rules provide adequate protection.
• Maintain PCI compliance. Implement and maintain Payment Card Industry Data Security Standard (PCI DSS) for ongoing data security protection.
• Run vulnerability scans. These scans allow organizations to find and fix both internal and external vulnerabilities in a timely manner.  
• Store and monitor logs. Monitoring log activity can help identify suspicious activity alerts, such as if someone tried logging in multiple times at odd hours.
• Optimize your real time risk monitoring settings on transactional fraud monitoring solutions. For most financial institutions deploying Visa Advanced Authorization and Visa Risk Manager (VAA/VRM), settings are already in place so please check that the settings have been activated.

We help our partners stay nimble and solve the most critical security challenges through our continued investments in risk intelligence and technology, like deploying Artificial Intelligence, empowering consumers and clients with tools and setting governance processes.

Visa has introduced new security capabilities available to Visa clients. These capabilities add to existing protections and include:

• Visa Vital Signs – Actively monitors transactions and alerts financial institutions of potential fraudulent cash withdrawal and purchase activity that may indicate a cashout attack. To limit financial losses for financial institutions, Visa can automatically or in coordination with clients, step in to suspend malicious activity.
• Visa Account Attack Intelligence – Applies deep learning to Visa's vast number of processed card-not present transactions to identify financial institutions and merchants that hackers may be using to guess account numbers, expiration dates and security codes through automated testing. The machine learning technology detects sophisticated enumeration patterns, eliminates false positives, and alerts affected financial institutions and merchants before fraudulent transactions begin.     
• Visa Payment Threats Lab – Creates an environment to test a client’s processing, business logic and configuration settings to identify errors leading to potential vulnerabilities. For example, Visa can verify if a financial institution is effectively validating cryptograms—dynamically generated codes unique to each transaction—for EMV® chip transactions.  
• Visa eCommerce Threat Disruption – A proprietary solution that uses sophisticated technology and investigative techniques to proactively scan the front-end of eCommerce websites for payment data skimming malware. Identifying potential website compromises limits the amount of time malware might be present on a merchant website and significantly reduces exposure of customer and payment data.

These capabilities complement Visa Payment Threat Intelligence, which provides actionable and informational cyber intelligence to clients and merchants worldwide. It offers timely intelligence reporting, technical delivery and educational materials. This includes alerts, analysis, technicali indicators, and mitigations for potential cybercrime threats, account compromise and fraud.

Contact your representative for more information on how ‘Visa’s got you covered’ and the latest payment security services to help prevent and disrupt payment fraud.