RE: INSECURE REMOTE ACCESS AND USER CREDENTIAL MANAGEMENT
Please read the Visa Security Alert linked here: Visa_Security_Alert_070114
Visa has recently observed an increase in malicious remote access activity associated with unauthorized access to merchant Point-of-Sale (POS) environments and ultimately, payment card data. These attacks are suspected to have occurred as a result of compromised username/login credentials combined with remote management software exposed to the Internet.
The takeaway lesson learned here is not to use “off the self” remote access programs such as LogMeIn, TeamViewer, etc to remote into a payment environment processing credit card transactions. Intruders are using these programs to gain access to your system.
Here is a link to a recent article where a restaurant chain was potentially hacked using the LogMeIn account.
http://pciguru.wordpress.com/2014/07/01/the-flaw-in-requirement-8-5-1/
Only use remote access tools that use two-factor authentication. Here is an example: When remote accessing your payment processing computer, the first step would be to type in your username & password. This is the first factor. The second factor would then be prompted to type in a temporary pin number that is sent to your cell phone via a text message. This pin number is unique and will expire in a matter of minutes and cannot be used again. Once you type in the pin number, only then are you in.
Part of Credit Card compliance requires the remote access program to use two-factor authentication. JCR Systems offers two-factor authentication and includes it with our support plan at no additional cost. If you are not using our tool, please contact us for assistance.
If you are using a remote access tool such as LogMeIn, TeamViewer, etc, that is not using a second factor to gain access, such as a temporary pin number, this Visa Alert explains the risk for malicious remote access activity. Please uninstall these programs immediately and contact us for assistance.