• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 189
  • Last Modified:

Does it matter if a hacker gains access to a Payment Express Account user id?

A client of mine has had their website hacked. If the hacker now knows the users PxPayUserid (which is a big long random looking string), can they use it for malicious purposes? I couldn't find anything on the Payment Express website saying either way.
0
Terry Woods
Asked:
Terry Woods
  • 3
2 Solutions
 
Neil RussellTechnical Development LeadCommented:
If a hacker has gained access to ANY part of any access token the you MUST assume that your security is compromised and takes steps to change all security information.
This should be done immediately .
0
 
Terry WoodsIT GuruAuthor Commented:
Thanks @Neilsr. I don't suppose you can provide a reference to that in their documentation somewhere?
0
 
Terry WoodsIT GuruAuthor Commented:
It sounds like payments received might be going directly into the client's bank account. I'll check with them to confirm that this is the case. When I enquired with Payment Express, their response was:

Hi Terry,

If this is a pxpay service being used then should be fine.

Everything is redirected to our secure server and there is no way that this can be compromised so should not need to worry. - Payline is updated in realtime so you should be fine to use this to monitor any online orders.

The PxPay userId directly links to your merchant bank account so there would be no use to it for the hackers as if they used this all they would do is direct payments in to your account.

With Kind Regards,

[name withheld]
Junior Technical Analyst
0
 
Terry WoodsIT GuruAuthor Commented:
Though PaymentExpress gave a different answer to @Neilsr, I wouldn't like to assume that PaymentExpress was correct. What if the hacker replaced the user id value with their own? Would payments start going to their account? Maybe there are safeguards in place through the Payment Express API's but I wouldn't like to assume.
0

Featured Post

Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now