MyCena Security Solutions, the pioneer and leader in Access Segmentation and Encryption Management (ASEM), today announced the addition of a new feature to its MyCena Desk Center (MDC) platform, designed to reduce payment card fraud at organizations processing financial transactions on behalf of customers.

Organizations like retailers, travel agencies or buying offices, store payment card information for their customers in order to make payments on their behalf. But when it comes to storing the financial data of their customers, lists of payment card information are often stored in Excel spreadsheets or on paper, where sensitive card details are kept in plain text accessible to all employees. This is a leading cause of fraud, as companies cannot know when and by whom the customer payment card information may have been stolen and used by to make unauthorized financial transactions. This is leading cause of disputes and penalties between card processing companies and their customers.

Requested and co-designed with its own customers to help address this massive fraud problem, MyCena has developed and released a new payment card feature on its MyCena Desk Center platform to store each payment card separately and make it only accessible by employees from a controlled multi-layered security fortress.

Without any infrastructure change, companies can upload all payments cards to the MyCena console. Card information is stored encrypted but accessible for the employees who need them for a transaction. Instead of accessing a file with all payment cards stored in clear text in one place, employees open their MyCena Desk Center application, a multi-layered (Bronze, Silver or Gold) secure digital fortress, look for the card they need by individual company code or name, and click on it to access its details. Employees then use the copy-and-paste commands to fill in the transaction, purchase or booking form.

To help investigate in the case of fraud, companies that have MyCena Desk Center Governance Module can audit all past events on the application and track when a specific credit card has been used. or

The solution makes targeting employees to steal their access credentials to payment cards file unfruitful for scammers, phishers and criminals, as these centralized lists of payment cards file no longer exists. This significantly strengthens cybersecurity and data protection for businesses processing payment cards. It helps to prevent expensive fraud incidents and subsequent penalties for card processing organizations.

“Everyone knows that financial information is the primary target for criminals, so securing this information is critical to any business that stores customer payment card details. When organizations store all the payment card information of their customers in plain text in a spreadsheet or in a list on paper, this becomes a security liability for them and their customers, as the list is fully accessible, viewable and stealable by any person in one go. The organization has no way to know if that list is copied in part or in full by any of the employees with access, exfiltrated or sold for malicious purposes. Using MyCena’s unique and easy-to-use system, the organization can now control who has access to which cards, and control which payment card has been accessed by whom, and when. When an employee needs to process a payment, they enter their MyCena fortress application, look for the specific customer card and use the details to make the transaction. It is so easy but represents a major improvement in card processing security, control and auditing,” said Julia O’Toole, CEO of MyCena Security Solutions.

Cybercriminals are using AI tools like ChatGPT to create convincing phishing emails. In a move that is concerning cybersecurity teams everywhere, the use of ChatGPT could significantly reduce costs for cybercrime gangs and eliminate language barriers. Internet users need to be aware of these scams and learn to spot them instead of relying on spotting phishing scams through poorly written text. According to Julia O'Toole, CEO of MyCena Security Solutions, AI tools such as ChatGPT make it much more difficult to spot scam emails. O'Toole warns that cybercriminals are currently exploring ways to use ChatGPT to defraud victims, despite built-in protections to prevent this. She adds: “The quality and speed of execution of ChatGPT makes it a powerful productivity hack. With it, criminals can now launch complex phishing campaigns, generating emails faster with higher chances of success.”

In February 2020, News Corp suffered a state-sponsored breach that went undetected until January 2022. The attackers accessed business documents and emails linked to a small group of employees, potentially compromising sensitive information such as Social Security numbers, names, and health insurance numbers. News Corp believes the attack was part of an intelligence-gathering mission by a threat group supported by the Chinese government. The nearly two-year dwell time was longer than average, and it is unclear why News Corp took over a year to reveal the breach's extent. "Two years to detect a breach is way above average," confirmed Julia O'Toole, CEO of MyCena Security Solutions. With attackers regularly gaining easy access to corporate networks through compromised credentials, we may continue to see these attacks. O’Toole adds: "Despite all the investment in threat detection tools, over 82% of breaches still involve compromised employee access credentials."

The White House unveiled its national cybersecurity strategy in early March. The updated approach emphasises collaboration between the public sector, private sector, and international allies as crucial to securing the nation against cyber threats. The US national cybersecurity strategy aims to safeguard critical infrastructure, combat malicious threat actors, invest in digital security, and foster international partnerships. The plan also advocates transferring security responsibility to software companies and initiating more assertive campaigns against financially motivated and state-sponsored malicious activities. The strategy named China and Russia-backed attackers the biggest threat to US national security.

Almost one in every 20 employees has submitted sensitive company information into ChatGPT, according to a report. The use of large language models like ChatGPT by employees raises concerns about incorporating sensitive business data into the models. Data security service Cyberhaven detected and blocked requests from 4.2% of workers at client companies to input data into ChatGPT – mainly due to the risk of leaked confidential information. Examples include an executive using ChatGPT to create a presentation using a confidential strategy document and a doctor inputting patient health information. As the use of ChatGPT and similar AI-based tools grows, the risk of data breaches is likely to increase.

The aviation industry is reviewing updated cybersecurity requirements in network segmentation, access control, threat detection, and patching. The attempt to increase industry security comes as the Biden administration aims to strengthen critical infrastructure cyber defences. The aviation sector is also facing threats from emerging digital technologies, like 5G and smart devices. Employees in critical roles, such as pilots and air traffic controllers, have limited training in managing cyber incidents, while the threat surface has increased due to the digital transformation of air traffic management systems and airport functions. While details of the new cybersecurity requirements for the aviation sector remain unclear, they will require companies to keep up with hardware and software patches, strengthen access controls, and build redundancy into critical systems.