Best Network Security Practices for Merchant Processing
Protecting and securing consumer data should be an imperative policy. Securing consumer data can increase consumer shopping confidence and add value to your business reputation. Here are some guideline for safeguarding merchant terminals from internet hackers. While not all the policies listed below may be necessary, it is recommended that you properly understand all network vulnerabilities and implement a series of policies based on potential exposure.
- Purchase a leading Anti-Virus and stay patched, updated.
- Review firewall configurations and ensure that only allowed ports, services and Internet protocol (IP) addresses are communicating with your network. This is especially critical for outbound (e.g., egress) firewall rules in which compromised entities allow ports to communicate to any IP address on the Internet. Hackers leverage this configuration to ex-filtrate data to their IP addresses.
- Segregate payment processing networks from other networks.
- Apply access control lists (ACLs) on the router configuration to limit unauthorized traffic to payment processing networks.
- Create strict ACLs segmenting public-facing systems and back-end database systems that house payment card data.
- Implement data leakage prevention/detection tools to detect and help prevent data ex-filtration.
- Implement tools to detect anomalous network traffic and anomalous behavior by legitimate users (compromised credentials).
Resources: US-CERT – Department of Homeland Security
See related links: