Hacking at Global Payment
As new technological advances take place novel risks and dangers crop out with these technologies. Technological evolution in internet connectivity has eliminated various barriers to communication in the business world (Michael, 2012). As such, many businesses have now adopted accounting information systems that help with management and monitoring of finances. These advances have given rise to cyber crimes such as hacking. This paper will examine a breach or hacking at Global Payments Inc. Furthermore, the paper will review the Global Payments hacking scenario from a third-party accounting system standpoint. Global Payments Inc.’s security assessment will be reviewed as well as a discussion of its software issues. Last, the paper will stipulate recommendations on how they can bar hacking of their accounting information systems.
The scope of Global Payment Inc.
Reports suggest that in April 2012, a data breach occurred at Global Payments Inc. that cost the company approximately $93.9 million (Information Systems Media Group, 2013). Further reports suggest that the breach of security at Global Payments Inc. left a befuddling mess. Global Payments Inc. is a part of “third-party processors,” which serve merchants and banks as a middleman company, this breach tampered with the U.S. payment system in monetary transactions. With time, more people began to realize that they were at a higher risk of their credit card information being illicitly used as well as exposed. In order to understand the scope of Global Payments Inc. and its customers’ reach, we must be able to understand the threat of hacking in these types of scenarios. As such, Global Payments Inc. is one of the world’s largest electronic transaction processing companies. Also, they provide comprehensive firm-to-firm payment cards and processing services such as financial electronic data exchange, cash management, information management, and reporting services.
Hacking Scenario at Global Payments Inc.
News regarding Global Payments Inc.’s breach of security was released in late March of 2012 and many customers’ reactions were noted. This breach took place between 21st January and 25th February. As such, it took approximately a month for the public to be aware of Global Payments Inc.’s hacking. Customers were at risk of their credit card information being exposed and vulnerable to malicious use. After the realization of hacking at the company, a statement was issued to its customers in regards to the hack of its financial system as there were some security issues involved with Global Payments Inc.’s data.
It is estimated that 1.5 million accounts were exposed during the hack, other analysts estimated around 7.1 million accounts. In 2012, Global Payments Inc. released a statement saying that one million card numbers may have been compromised as names and social security details were not affected. Global Payments Inc. also suggested that it was a manageable breach of security than the worst-case scenario, as it only affected a smaller percentage of the 1 billion cardholders in the U.S.
Global Payments Inc. finally released a statement in April 2013, suggesting that the data breach affected 1.5 million cardholders in the U.S. Also, the company went forward to pursue a lawsuit in April 2012, which later was dismissed on March 6th. The lawsuit was a breach-related class action lawsuit that claimed that the company’s processor was futile in maintaining adequate as well as personal identification information. Later on, in February, the company confirmed that its networking apparatus is running smoothly and the loss generated by the breach was fully paid.
Level of Responsibility of the Software Provider at Global Payments Inc.
The impact and size of Global Payments Inc.’s issues are much more profound than those of other businesses, which face significant threats of being hacked by outside sources. Global Payments Inc.’s business structure, its accounting information system, and other security systems need a more sophisticated as well as a higher level of security interface to work effectively. Having access to any software system, Global Payments Inc. has developers and programmers who must ensure the company’s protection which is suitable to its corporate structure.
Additionally, Global Payments Inc. handles millions of financial transactions that need a multi-dimensional security infrastructure exclusively designed to suit the company’s needs, hence, its problems of hacking were internal in nature. Evidently, customers who use the Global Payments Inc. system found it helpless in protecting their critical information which is left solely on Global Payment Inc.’s table to resolve its internal hacking.
Preventive Measures
Hacking and data breaches create a responsibility for companies to take proactive measures internally. As such, companies should start with blocking the common hacker. This means protecting the documents within the system itself from internal access. Such preventive activities include frequent password changing, masking and information change detection. Furthermore, the more the firms move towards decentralized networks the more they are predisposed to be hacked.
Global Payments Inc. can hire outside organizations to monitor its accounting information system to reduce cases of being hacked. Essentially, outside firms always carry out diagnostics within the network to assess the potential of being hacked(Alali & Yeh, 2012). This improves security as a firm can easily note the waypoints on its computer security. Furthermore, it is noted that there are few laws against hacking since the current laws and regulation are obsolete with changing technology. As such, one preventive measure is to come up with enough rules and regulation to govern accounting information systems within firms that use it.
Another preventive measure that can be utilized by Global Payments Inc. is by having internal controls put in place to avoid unnecessary risk. Research suggests that a risk of error, fraud, or hacking tends to occur in those organizations where the code of ethics and internal controls are incorrectly applied (Ingason, 2015). As such, if these internal controls are safeguarded it might take time for individuals to have unauthorized access to the system.
Other preventive measures that the company can undertake is by educating as well as reminding workers of their role to curb hacking within an organization. As such, it is important for IT managers to actively involve other departments on how they can secure systems through educational meetings as well as reminders on within the office. Being aware of any hacking attempts, workers can be vigilant of any suspicious activity within the system hence they can report for immediate action.
Recommendations
It is imperative for companies to view hacking as an emerging technological crime. Therefore, companies should be able to conduct business effectively with the new technological advancement rather than the old ways. Risk assessments must be taken by organizations whenever they are setting up accounting information systems to assess the possibility of being hacked. As such, a bigger company such as Global Payments should have a risk assessment team in place to foresee any possibility of their systems being hacked.
Second, Global Payments Inc. being a company reliant on a digital business model that is based on digital information, they are likely to get hacked from time to time, as such, it is recommended that it utilize ethical hacking to counter criminal hacking. Ethical hacking essentially involves locating a weakness within a computer system and information systems by duplicating or copying a malicious hacker’s actions to counter hacking crimes (Wang & Yang, 2017).
Conclusively, I would recommend that Global Payments Inc. shift more resources to protecting its information system than any other sector within its premises since it deals with millions of personal information regarding the financial information of its customers. As such, having more resources for the accounting information systems department can make more security measures that can prevent any further hacking.
References
Alali, F. A., & Yeh, C.-L. (2012). Cloud Computing: Overview and Risk Analysis. Journal of Information Systems, 26(2), 13–33. https://doi.org/10.2308/isys-50229
Information Systems Media Group. (2013). Global Payments Breach Tab: $94 Million. Retrieved January 27, 2019, from https://www.bankinfosecurity.com/global-payments-breach-tab-94-million-a-5415
Ingason, H. T. (2015). IPMA Code of Ethics and Professional Conduct. International Journal of Project Management. https://doi.org/10.1016/j.ijproman.2015.06.008
Michael, K. (2012). Hacking: The Next Generation. Computers & Security. https://doi.org/10.1016/j.cose.2012.06.005
Wang, Y., & Yang, J. (2017). Ethical hacking and network defense: Choose your best network vulnerability scanning tool. In Proceedings – 31st IEEE International Conference on Advanced Information Networking and Applications Workshops, WAINA 2017. https://doi.org/10.1109/WAINA.2017.39