MyCena Security Solutions, the pioneer and leader in Access Segmentation and Encryption Management (ASEM), today announced the addition of a new feature to its MyCena Desk Center (MDC) platform, designed to reduce payment card fraud at organizations processing financial transactions on behalf of customers.

Organizations like retailers, travel agencies or buying offices, store payment card information for their customers in order to make payments on their behalf. But when it comes to storing the financial data of their customers, lists of payment card information are often stored in Excel spreadsheets or on paper, where sensitive card details are kept in plain text accessible to all employees. This is a leading cause of fraud, as companies cannot know when and by whom the customer payment card information may have been stolen and used by to make unauthorized financial transactions. This is leading cause of disputes and penalties between card processing companies and their customers.

Requested and co-designed with its own customers to help address this massive fraud problem, MyCena has developed and released a new payment card feature on its MyCena Desk Center platform to store each payment card separately and make it only accessible by employees from a controlled multi-layered security fortress.

Without any infrastructure change, companies can upload all payments cards to the MyCena console. Card information is stored encrypted but accessible for the employees who need them for a transaction. Instead of accessing a file with all payment cards stored in clear text in one place, employees open their MyCena Desk Center application, a multi-layered (Bronze, Silver or Gold) secure digital fortress, look for the card they need by individual company code or name, and click on it to access its details. Employees then use the copy-and-paste commands to fill in the transaction, purchase or booking form.

To help investigate in the case of fraud, companies that have MyCena Desk Center Governance Module can audit all past events on the application and track when a specific credit card has been used. or

The solution makes targeting employees to steal their access credentials to payment cards file unfruitful for scammers, phishers and criminals, as these centralized lists of payment cards file no longer exists. This significantly strengthens cybersecurity and data protection for businesses processing payment cards. It helps to prevent expensive fraud incidents and subsequent penalties for card processing organizations.

“Everyone knows that financial information is the primary target for criminals, so securing this information is critical to any business that stores customer payment card details. When organizations store all the payment card information of their customers in plain text in a spreadsheet or in a list on paper, this becomes a security liability for them and their customers, as the list is fully accessible, viewable and stealable by any person in one go. The organization has no way to know if that list is copied in part or in full by any of the employees with access, exfiltrated or sold for malicious purposes. Using MyCena’s unique and easy-to-use system, the organization can now control who has access to which cards, and control which payment card has been accessed by whom, and when. When an employee needs to process a payment, they enter their MyCena fortress application, look for the specific customer card and use the details to make the transaction. It is so easy but represents a major improvement in card processing security, control and auditing,” said Julia O’Toole, CEO of MyCena Security Solutions.

In February 2020, News Corp suffered a state-sponsored breach that went undetected until January 2022. The attackers accessed business documents and emails linked to a small group of employees, potentially compromising sensitive information such as Social Security numbers, names, and health insurance numbers. News Corp believes the attack was part of an intelligence-gathering mission by a threat group supported by the Chinese government. The nearly two-year dwell time was longer than average, and it is unclear why News Corp took over a year to reveal the breach's extent. "Two years to detect a breach is way above average," confirmed Julia O'Toole, CEO of MyCena Security Solutions. With attackers regularly gaining easy access to corporate networks through compromised credentials, we may continue to see these attacks. O’Toole adds: "Despite all the investment in threat detection tools, over 82% of breaches still involve compromised employee access credentials."

The White House unveiled its national cybersecurity strategy in early March. The updated approach emphasises collaboration between the public sector, private sector, and international allies as crucial to securing the nation against cyber threats. The US national cybersecurity strategy aims to safeguard critical infrastructure, combat malicious threat actors, invest in digital security, and foster international partnerships. The plan also advocates transferring security responsibility to software companies and initiating more assertive campaigns against financially motivated and state-sponsored malicious activities. The strategy named China and Russia-backed attackers the biggest threat to US national security.

The aviation industry is reviewing updated cybersecurity requirements in network segmentation, access control, threat detection, and patching. The attempt to increase industry security comes as the Biden administration aims to strengthen critical infrastructure cyber defences. The aviation sector is also facing threats from emerging digital technologies, like 5G and smart devices. Employees in critical roles, such as pilots and air traffic controllers, have limited training in managing cyber incidents, while the threat surface has increased due to the digital transformation of air traffic management systems and airport functions. While details of the new cybersecurity requirements for the aviation sector remain unclear, they will require companies to keep up with hardware and software patches, strengthen access controls, and build redundancy into critical systems.

Ukraine has seen a threefold increase in cyber-attacks over the past year, with many of them originating from Russia. These attacks have sometimes been used in combination with missile strikes, according to Viktor Zhora, a leading figure in the country's SSSCIP agency. The attacks have often taken the form of destructive wiper malware and have been aimed at Ukraine's critical infrastructure. During a recent visit to the UK's National Cyber Security Centre, Zhora and Ukrainian colleagues discussed how to work together to tackle the Russian threat. A recent analysis by SSSCIP linked cyber-attacks on Ukraine's energy infrastructure last autumn to Russia's sustained bombing campaign, with the aim of causing maximum disruption to everyday life.

As ChatGPT becomes more widely used, scammers are likely to apply the technology for phishing attacks, according to experts. OpenAI, the creator of ChatGPT, restricts some misuse of the technology, but Microsoft's plans to incorporate it into Azure AI services could lead to wider use. Chester Wisniewski, a principal research scientist at Sophos, studied how easily ChatGPT can be manipulated for malicious attacks. He found that ChatGPT makes it easier for scammers to launch phishing attacks, writing often more believable phishing lures than real humans can. With the advancement of AI, it's important to consider the potential security risks and what needs to be done to combat malicious use of the technology.