Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Does it matter if a hacker gains access to a Payment Express Account user id?

Posted on 2015-01-19
4
Medium Priority
?
180 Views
Last Modified: 2015-01-31
A client of mine has had their website hacked. If the hacker now knows the users PxPayUserid (which is a big long random looking string), can they use it for malicious purposes? I couldn't find anything on the Payment Express website saying either way.
0
Comment
Question by:Terry Woods
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 1000 total points
ID: 40558750
If a hacker has gained access to ANY part of any access token the you MUST assume that your security is compromised and takes steps to change all security information.
This should be done immediately .
0
 
LVL 35

Author Comment

by:Terry Woods
ID: 40558997
Thanks @Neilsr. I don't suppose you can provide a reference to that in their documentation somewhere?
0
 
LVL 35

Accepted Solution

by:
Terry Woods earned 0 total points
ID: 40560817
It sounds like payments received might be going directly into the client's bank account. I'll check with them to confirm that this is the case. When I enquired with Payment Express, their response was:

Hi Terry,

If this is a pxpay service being used then should be fine.

Everything is redirected to our secure server and there is no way that this can be compromised so should not need to worry. - Payline is updated in realtime so you should be fine to use this to monitor any online orders.

The PxPay userId directly links to your merchant bank account so there would be no use to it for the hackers as if they used this all they would do is direct payments in to your account.

With Kind Regards,

[name withheld]
Junior Technical Analyst
0
 
LVL 35

Author Closing Comment

by:Terry Woods
ID: 40581235
Though PaymentExpress gave a different answer to @Neilsr, I wouldn't like to assume that PaymentExpress was correct. What if the hacker replaced the user id value with their own? Would payments start going to their account? Maybe there are safeguards in place through the Payment Express API's but I wouldn't like to assume.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The online market is growing at an unprecedented rate and retail eCommerce sales are expected to reach $4 trillion by 2020. Yet, the profit is not just there for the taking because you have to set yourself apart from the competition.
What we learned in Webroot's webinar on multi-vector protection.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question