
Payoneer keeps your funds safe.
Choosing a payment service is an important decision. Low rates, flexible payment options and other value-added services are very useful, but they must be backed by a company with a solid security infrastructure. That is why millions of customers around the world are turning to Payoneer to manage their international payments and grow their businesses.
Payoneer's technology, operations and experience have proven invaluable in preventing all types of cyber attacks. This is clearly evidenced by its multi-layered approach to account takeover (ATO) mitigation, one of the pillars of its cybersecurity strategy.
To give a better idea of why so many users trust Payoneer, here we'll show how the combination of security tools and risk management capabilities protects against account hijacking attacks.
But first of all, let's see what ATO is and what its possible consequences are.
What is account takeover?
In an ATO, an attacker steals a user's login credentials to get into the account, where private information can be accessed. There are several common methods used to access an account:
Credential stuffing: an attacker accesses an account with login data stolen in a previous data leak.
Social engineering: a hacker pretends to be a site administrator or another trusted role and convinces the user to provide login information. Identity spoofing in emails and text messages is the most popular way to carry out a social engineering attack.
Brute force attacks: a bot is used to enter a massive number of username and password combinations on a platform until it finally gets into an account.
Users can take several steps to avoid account takeover. To begin with, users should make sure to use a different, unique password every time they sign up for a new online service. This means that if one of your accounts is compromised, the attacker will not be able to use credential stuffing to get into your other platforms. In addition, it is important to watch for emails and messages that may be part of a social engineering attack and never give passwords to anyone. Remember that Payoneer will NEVER ask for your username or password by email, phone or chat.
Below are some of the steps Payoneer follows to mitigate and detect ATOs.
Payoneer's multi-layered approach to ATO prevention and detection
To prevent account takeovers, several proactive methods are used that keep bots and hackers from reaching a user's account. Among them are the following:
CAPTCHA requests: CAPTCHA challenges are used in various places in the system, including the login page. This prevents bots from brute-forcing a user's account.
Web Application Firewalls (WAF): Payoneer uses internal and cloud-based WAFs to detect bots and prevent them from reaching the site.
Bot detection software: Payoneer uses software that tracks bot activity on its website based on certain factors, such as typing speed and mouse movements. In addition, it can encode password fields in web browsers to prevent bots from recording user passwords.
Duplicate site tracking: One of the methods attackers use to run an ATO is to duplicate a site under a different domain name. A social engineering attack is then used to trick users into visiting the fraudulent site and entering their login information there. Advanced software is therefore used to track duplicate sites and, after verifying that they are really fraudulent, they are deactivated.
Proactive searches for user accounts: Payoneer uses multiple cyber intelligence services to proactively search for compromised customer account data, on both the clear web and the dark web. If a user's login information is found, the user is immediately notified and the password is changed.
While the above steps can effectively block many ATO attempts, we know that they are not always enough. Hackers are constantly developing new tools and methods to access user accounts, which means that prevention alone is not enough. In addition to the prevention systems mentioned above, Payoneer has implemented other sophisticated capabilities and tools to detect attacks:
The access controller: RSA adaptive authentication
RSA adaptive authentication is an intuitive user verification system that evaluates risk factors, for example country, IP address and transaction size, to flag any anomaly in the account. After detecting activity that may indicate an ATO, the system requires additional identification steps to be completed, such as answering security questions, to ensure the protection of the account.
This threat detection system uses the latest statistical machine learning technology. This allows it to adapt to and record new threats in real time, and always be one step ahead of hackers, ensuring complete protection of users' data.
The selector: Rule-based monitoring
The rule-based monitoring engine is a support tool that uses predefined rules to identify suspicious behavior in a user's account. Once a rule is triggered, forensic analysts can investigate the situation to determine whether an account takeover has occurred.
For example, an abnormally large account transfer, especially to a new Payoneer account, is very likely to trigger this rule engine and require an investigation. If an ATO is identified, the account's activity is immediately suspended and the account owner is notified.
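The rule described above (an abnormally large transfer, especially to a new account, opens a case for an analyst) can be written as a small rule engine. This is an added example, not Payoneer's code or rules; the thresholds, field names and sample transfers are constructed assumptions.

```python
from dataclasses import dataclass
from statistics import median

@dataclass
class Transfer:
    account: str
    amount: float
    recipient: str
    recipient_age_days: int  # age of the receiving account

# Hypothetical thresholds, chosen for illustration only.
LARGE_MULTIPLE = 5       # "abnormally large" = 5x the sender's median transfer
NEW_RECIPIENT_DAYS = 30  # a receiving account younger than this counts as new
MIN_HISTORY = 3          # below this, there is no baseline to compare against

def rule_large_transfer(t, history):
    """Fire when the amount is far above the sender's own baseline."""
    if len(history) < MIN_HISTORY:
        return None
    baseline = median(history)
    if t.amount >= LARGE_MULTIPLE * baseline:
        return f"amount {t.amount:.0f} >= {LARGE_MULTIPLE}x median {baseline:.0f}"
    return None

def rule_new_recipient(t, history):
    """Fire when the receiving account was opened recently."""
    if t.recipient_age_days < NEW_RECIPIENT_DAYS:
        return f"recipient {t.recipient} is {t.recipient_age_days} days old"
    return None

RULES = {"large_transfer": rule_large_transfer, "new_recipient": rule_new_recipient}

def evaluate(t, history):
    """Return a case for the analyst queue, or None when nothing needs review."""
    hits = {name: msg for name, rule in RULES.items() if (msg := rule(t, history))}
    if "large_transfer" not in hits:
        return None  # paying a new recipient a normal amount is not a case
    priority = "high" if "new_recipient" in hits else "medium"
    return {"account": t.account, "priority": priority, "reasons": hits}

# Constructed sample data: past transfer amounts and three new transfers.
HISTORY = {"acct-1001": [120.0, 90.0, 150.0, 110.0]}
SAMPLE = [
    Transfer("acct-1001", 130.0, "acct-2002", 400),   # normal amount
    Transfer("acct-1001", 900.0, "acct-2002", 400),   # large, known recipient
    Transfer("acct-1001", 4000.0, "acct-9999", 2),    # large, brand-new recipient
]

def run(transfers=SAMPLE):
    return [evaluate(t, HISTORY.get(t.account, [])) for t in transfers]

if __name__ == "__main__":
    for case in run():
        print(case)
```

The engine only opens a case; deciding whether an ATO occurred and suspending the account remain with the analyst, as the text describes.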
The protector: Risk models and behavior profile
Complex risk modeling and behavior profiling programs are used to analyze users' suspicious transactions. The information we receive from these analyses is used to predict future malicious behavior that may indicate an account takeover.
For example, risk models take into account data related to suspicious behavior, such as an unusual amount of international payments to a specific country or high transaction volumes from a new device, and use them to detect accounts that show the same behavior.
The receipt: Customer Comments
It is clear that no matter how advanced the technology used, there is still nothing to replace human intuition. Therefore, Payoneer maintains a constant open line of communication with its users. This allows suspicious account activity to be detected quickly and then subjected to the steps described above.
ATO is an inherent threat that requires innovative and proactive mitigation steps by users and service providers. Although we cannot disclose all security measures here, we can say that Payoneer's mitigation methods actively block access to confidential data by bots and malicious actors, while ensuring that any suspicious activity is immediately taken care of to protect the accounts.
For this reason and many more, some of the leading digital brands in the world, such as Amazon, Airbnb and Google, together with millions of SMBs globally, trust Payoneer.