PaymentsJournal
SUBSCRIBE
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • News
  • Resources
No Result
View All Result
PaymentsJournal
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • News
  • Resources
No Result
View All Result
PaymentsJournal
No Result
View All Result

From April 13 SC Magazine UK (Revised from their earlier April 11 story): Worldpay’s Gateway

Raymond Pucci by Raymond Pucci
April 15, 2016
in Analysts Coverage
0
0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

We recently commented on an April 11, 2016 article in SC Magazine UK which stated that Worldpay’s electronic payment gateway setup pages had potential operational vulnerabilities on credit card details, according to a security researcher. SC Magazine UK updated the story on April 13 to add that the vulnerability was reported on January 27, 2015, and successfully patched by Worldpay within 48 hours. A second flaw was reported in April, 2015, and successfully patched the next day.

Worldpay confirms that there has been no data breach and customer data on Worldpay’s payment processing systems remain secure. The SC Magazine UK revisions are as follows, and the complete revised article is available on the link below:

Technology industry watchers have castigated payments processing service Worldpay for potential operational vulnerabilities. Worldpay is billed as a secure payment gateway for businesses that incorporates the worlds of online payments, card machines and telephone payments.

The firm itself proposes that it delivers a secure proprietary technology platform to enable ‘merchants’ to accept a vast array of payment types, across multiple channels, anywhere in the world.

It is precisely the Worldpay Merchant Portal that Randy Westergren has a problem with. As a senior software developer at XDA Developers, Westergren claims he has found “multiple vulnerabilities” in the Worldpay Merchant Portal. He further states that this is not the first time he has uncovered compliance issues with this kind of payment gateway technology.

“One, an attacker can designate his own postback URL, meaning that after a transaction occurs on the merchant’s site, Worldpay’s server would post the results/details of that transaction to the attacker’s server, including the customer’s name, billing address, phone numbers, email addresses and raw information of the transaction,” he said, referring to a flaw that he reported to Worldpay last year. He reported the problem on 27 January 2015 and it was patched within 48 hours, he says.

“The other danger is that the attacker can control the form’s HTML, meaning it could be used to attack the user client-side (e.g. XSS, clickjacking, phishing),” he said. This flaw was reported in April 2015 and patched the next day.

Overview by Raymond Pucci, Associate Director, Research Services at Mercator Advisory Group

Read the full story here

0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

    Analyst Coverage, Payments Data, and News Delivered Daily

    Sign up for the PaymentsJournal Newsletter to get exclusive insight and data from Javelin Strategy & Research analysts and industry professionals.

    Must Reads

    instant payments, real-time payments, RTP

    Banks Developing Instant Payments Products in the U.S. Should Focus on Billers to Generate New Revenue Streams  

    May 31, 2023
    Digital Wallet Use Delivers on Convenience and Security

    Digital Wallet Use Delivers on Convenience and Security

    May 30, 2023
    5 Ways to Protect Your Financial Institution from a Cyberattack

    5 Ways to Protect Your Financial Institution from a Cyberattack

    May 26, 2023
    traditional banks

    How Traditional Banks Can Modernize Without Risk

    May 25, 2023
    identity fraud

    Javelin’s Identity Fraud Study Highlights the Changing Nature of Fraud

    May 24, 2023
    SASE, security-as-a-service

    Security-as-a-Service Secures
    Distributed IT Models

    May 23, 2023
    mule. real-time

    Early Detection of Mule Activity Requires Real-Time Solutions

    May 22, 2023
    embedded finance, ecommerce

    How Retailers Can Enter the World of Embedded Finance Confidently 

    May 19, 2023

    Linkedin-in Twitter

    Advertise With Us | About Us | Terms of Use | Privacy Policy | Subscribe
    ©2023 PaymentsJournal.com

    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    Menu
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    • Industry Opinions
    • Recent News
    • Resources
    Menu
    • Industry Opinions
    • Recent News
    • Resources
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Industry Opinions
    • Faster Payments
    • News
    • Jobs
    • Events
    No Result
    View All Result

      Register to download this complimentary report from Brightwell: