Merchant Card Services (MCS) would like to remind departments of the importance of remaining vigilant in protecting and monitoring their merchant accounts.
Merchant Locations Utilizing Virtual Terminals
There has recently been an increase in attacks using “cloned” sites. These cloned sites are an attempt to harvest legitimate log-in credentials by creating a website that looks like a legitimate website and has a similar web address. For example, the URL may contain a misspelling of the vendor’s name or a website that includes some variation of the vendor’s name, services, or products. A log-in page is presented, requiring a username and password, but will harvest the credentials in an attempt to gain access to the user’s account. MCS recommends that caution is used when visiting vendor-related websites that may be found through a web search, including those in “sponsored” search results. Please ensure that you use only bookmarked sites with the URL provided by the vendor. This reduces the possibility of using potentially unsafe links.
All Merchants
Section 13.4 of the Business and Finance Policies and Procedures states that it is important to perform reconciliations on a timely basis to ensure that any discrepancies are quickly identified and corrected. MCS recommends that departments review their transaction activity daily and ensure it matches expected totals, including paying particular attention to refunds and checking that they correspond to legitimate sales. Regularly monitoring transactions for unusual activity is a critical process in early fraud detection.
Additional Security
An important layer of security is two-factor authentication, which makes it more difficult for attackers to gain access to a person's devices or online accounts because, even if the victim's password is compromised, a password alone is not enough to pass the authentication check. MCS strongly recommends that departments utilize two-factor authentication if that service is available. When evaluating new systems, two-factor authentication should be a requirement. For existing systems that currently do not utilize two-factor authentication, please contact the vendor to determine the availability of additional security measures.
If you suspect that your merchant account or university credentials have been compromised, you need to immediately report it to your information security office and Merchant Card Services.
Contact
Please contact Merchant Card Services with any questions or concerns at 217.244.9384 or merchantcardhelp@uillinois.edu.
