Solved

Does it matter if a hacker gains access to a Payment Express Account user id?

Posted on 2015-01-19
4
146 Views
Last Modified: 2015-01-31
A client of mine has had their website hacked. If the hacker now knows the users PxPayUserid (which is a big long random looking string), can they use it for malicious purposes? I couldn't find anything on the Payment Express website saying either way.
0
Comment
Question by:Terry Woods
  • 3
4 Comments
 
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 250 total points
ID: 40558750
If a hacker has gained access to ANY part of any access token the you MUST assume that your security is compromised and takes steps to change all security information.
This should be done immediately .
0
 
LVL 35

Author Comment

by:Terry Woods
ID: 40558997
Thanks @Neilsr. I don't suppose you can provide a reference to that in their documentation somewhere?
0
 
LVL 35

Accepted Solution

by:
Terry Woods earned 0 total points
ID: 40560817
It sounds like payments received might be going directly into the client's bank account. I'll check with them to confirm that this is the case. When I enquired with Payment Express, their response was:

Hi Terry,

If this is a pxpay service being used then should be fine.

Everything is redirected to our secure server and there is no way that this can be compromised so should not need to worry. - Payline is updated in realtime so you should be fine to use this to monitor any online orders.

The PxPay userId directly links to your merchant bank account so there would be no use to it for the hackers as if they used this all they would do is direct payments in to your account.

With Kind Regards,

[name withheld]
Junior Technical Analyst
0
 
LVL 35

Author Closing Comment

by:Terry Woods
ID: 40581235
Though PaymentExpress gave a different answer to @Neilsr, I wouldn't like to assume that PaymentExpress was correct. What if the hacker replaced the user id value with their own? Would payments start going to their account? Maybe there are safeguards in place through the Payment Express API's but I wouldn't like to assume.
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Pop culture is prime bait for hackers seeking to infect user’s computers and mobile devices with malicious malware. Hackers know exactly what the latest trends are online and know how to use them to their advantage.
One of the biggest threats facing all high-value targets are APT's.  These threats include sophisticated tactics that "often starts with mapping human organization and collecting intelligence on employees, who are nowadays a weaker link than network…
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question