Friday, August 16, 2024
Thousands of websites are leaking private customer information like addresses and phone numbers due to a misconfiguration. This is according to Aaron Costello, chief of SaaS security research at SaaS security provider AppOmni. The issue affects all types of organizations around the globe that are using the popular enterprise resource planning solution, Oracle NetSuite SuiteCommerce to create any type of website (beyond ecommerce websites), Costello warned.
"NetSuite is one of the world’s leading enterprise resource planning (ERP) systems and handles business critical data for thousands of organizations,” Costello said. “My research found that thousands of these organizations are leaking sensitive customer data to the public through misconfigurations in their access controls. The sheer scale at which I found these exposures to be occurring is significant.
“Many organizations are struggling to implement and maintain a robust SaaS security program. Through research like this, AppOmni strives to educate and equip organizations so that they may be better prepared to identify and tackle both known and unknown risks to their SaaS applications."
To mitigate the risk, administrators should tighten access controls on CRTs, set sensitive fields to "None" for public access, and consider temporarily taking impacted sites offline to prevent data exposure, Costello stated. For full details, see appomni.com/blog/oracle-netsuite-data-exposure-analysis
Apple announced its intention to offer in-app NFC contactless transactions using the Secure Element. Starting with iOS 18.1, developers can offer NFC contactless transactions directly within their apps, separate from Apple Pay and Wallet, using the new NFC and Secure Element (SE) APIs. This enables in-app payments for various uses, including store purchases, car keys, transit passes, and loyalty cards. Apple designed this solution with a strong focus on user security and privacy, incorporating features like the Secure Enclave and biometric authentication. To use these APIs, developers must enter a commercial agreement with Apple. The APIs will be available in select countries, with more regions to follow.
In response to this development, Shachar Bialick, CEO and founder of Curve said the following: “We welcome Apple’s latest announcement, which will see more consumers around the world gain access to third-party payment wallets and is a positive move for consumers who will benefit from choice and innovation in payments on iOS for the first time. What remains unclear is how onerous Apple’s access fees will be, and whether there is enough profit left for third-party developers to encourage more customer-centric innovation.
"As the leading alternative to Apple Pay, Curve is thrilled to bring unique benefits to customers worldwide. Curve Pay goes beyond traditional wallets by being the only wallet that eliminates foreign transaction fees from linked cards and offers cashback on top of linked cards rewards. This exemplifies the innovation in digital payments, and Curve is committed to staying at the forefront, driving progress and delivering unmatched value to consumers."
Sales growth for the restaurant industry in 2024 has been revised downward to 3.8 percent, pushing establishments to seek innovative solutions. And according to a recent PYMNTS Intelligence report, real-time payments (RTP) are emerging as a key tool to enhance both financial health and customer satisfaction.
RTP systems are transforming the profitability of small and medium-sized restaurants, which have been under pressure as inflation and economic challenges have impacted their financial stability. These systems, including instant pay-by-bank options and platforms like PayPal, offer significant advantages over traditional payment methods such as checks or ACH transfers, researchers noted. Restaurants adopting RTP have reported net profit margins exceeding 50 percent, stronger balance sheets and improved supplier relationships, reducing the risk of business closures.
Despite the benefits, some restaurant owners hesitate to adopt real-time payments due to perceived complexity and fraud risks. However, these concerns are often exaggerated, and better education and vendor support could help overcome these barriers, making real-time payments more accessible, PYMNTS.com found.
Cash flow management remains a critical issue for restaurants, with many struggling to stay afloat amid economic pressures. RTP offer a solution by providing immediate access to funds, reducing transaction fees and improving overall financial health, researchers indicated. In an era where speed and convenience are paramount, real-time payments not only enhance operational efficiency but also meet customer expectations, leading to faster service, increased tips, and greater customer loyalty. For further details, see bit.ly/3WNyojZ.
Mastercard said it is "enhancing its Open Banking for Lending program, delivered with Argyle, to streamline the lending process and give consumers more agency over their financial lives." With new features, Mastercard stated, it now "has the ability to provide income and employment coverage to the estimated 95 percent of the U.S. workforce who receive payments via direct deposit, ultimately powering smarter and more inclusive lending decisions and helping bring more people into the digital economy."
Andrew Bonsall, COO at AperiData, said this news is encouraging and clearly demonstrates that the market is waking up to the power of open banking for facilitating financial inclusion. "All too often methods for verifying income and employment are outdated relying on manual, labour-intensive processes that place the burden on the customer to gather their documents, which can often lead to missing information or the wrong decision being made," he said. "It is equally inefficient for lenders, who are then spending valuable time and resources verifying them."
Bonsall noted it is critical that businesses access, understand and utilize data to better serve their customers. "That is the only way we can nurture an environment of increased choice based on trust for both businesses and consumers," he said, adding that the digital economy of today demands a different approach. "If we want to live in a world in which data can work for people, enabling fairer, quicker decisions that affect people’s lives, then trust needs to be the number-one priority. Open data is going to be a huge benefit to businesses and consumers, providing it can be shared and used ethically," he said. 
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
