Solved

Does it matter if a hacker gains access to a Payment Express Account user id?

Posted on 2015-01-19
4
164 Views
Last Modified: 2015-01-31
A client of mine has had their website hacked. If the hacker now knows the users PxPayUserid (which is a big long random looking string), can they use it for malicious purposes? I couldn't find anything on the Payment Express website saying either way.
0
Comment
Question by:Terry Woods
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 250 total points
ID: 40558750
If a hacker has gained access to ANY part of any access token the you MUST assume that your security is compromised and takes steps to change all security information.
This should be done immediately .
0
 
LVL 35

Author Comment

by:Terry Woods
ID: 40558997
Thanks @Neilsr. I don't suppose you can provide a reference to that in their documentation somewhere?
0
 
LVL 35

Accepted Solution

by:
Terry Woods earned 0 total points
ID: 40560817
It sounds like payments received might be going directly into the client's bank account. I'll check with them to confirm that this is the case. When I enquired with Payment Express, their response was:

Hi Terry,

If this is a pxpay service being used then should be fine.

Everything is redirected to our secure server and there is no way that this can be compromised so should not need to worry. - Payline is updated in realtime so you should be fine to use this to monitor any online orders.

The PxPay userId directly links to your merchant bank account so there would be no use to it for the hackers as if they used this all they would do is direct payments in to your account.

With Kind Regards,

[name withheld]
Junior Technical Analyst
0
 
LVL 35

Author Closing Comment

by:Terry Woods
ID: 40581235
Though PaymentExpress gave a different answer to @Neilsr, I wouldn't like to assume that PaymentExpress was correct. What if the hacker replaced the user id value with their own? Would payments start going to their account? Maybe there are safeguards in place through the Payment Express API's but I wouldn't like to assume.
0

Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: Justin
In light of the WannaCry ransomware attack that affected millions of Windows machines, you might wonder if your Mac needs protecting. Yes, it does and here is how to do it.
In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question