NZ Herald
  • Home
  • Latest news
  • Herald NOW
  • Video
  • New Zealand
  • Sport
  • World
  • Business
  • Entertainment
  • Podcasts
  • Quizzes
  • Opinion
  • Lifestyle
  • Travel
  • Viva
  • Weather

Subscriptions

  • Herald Premium
  • Viva Premium
  • The Listener
  • BusinessDesk

Sections

  • Latest news
  • New Zealand
    • All New Zealand
    • Crime
    • Politics
    • Education
    • Open Justice
    • Scam Update
  • Herald NOW
  • On The Up
  • World
    • All World
    • Australia
    • Asia
    • UK
    • United States
    • Middle East
    • Europe
    • Pacific
  • Business
    • All Business
    • MarketsSharesCurrencyCommoditiesStock TakesCrypto
    • Markets with Madison
    • Media Insider
    • Business analysis
    • Personal financeKiwiSaverInterest ratesTaxInvestment
    • EconomyInflationGDPOfficial cash rateEmployment
    • Small business
    • Business reportsMood of the BoardroomProject AucklandSustainable business and financeCapital markets reportAgribusiness reportInfrastructure reportDynamic business
    • Deloitte Top 200 Awards
    • CompaniesAged CareAgribusinessAirlinesBanking and financeConstructionEnergyFreight and logisticsHealthcareManufacturingMedia and MarketingRetailTelecommunicationsTourism
  • Opinion
    • All Opinion
    • Analysis
    • Editorials
    • Business analysis
    • Premium opinion
    • Letters to the editor
  • Politics
  • Sport
    • All Sport
    • OlympicsParalympics
    • RugbySuper RugbyNPCAll BlacksBlack FernsRugby sevensSchool rugby
    • CricketBlack CapsWhite Ferns
    • Racing
    • NetballSilver Ferns
    • LeagueWarriorsNRL
    • FootballWellington PhoenixAuckland FCAll WhitesFootball FernsEnglish Premier League
    • GolfNZ Open
    • MotorsportFormula 1
    • Boxing
    • UFC
    • BasketballNBABreakersTall BlacksTall Ferns
    • Tennis
    • Cycling
    • Athletics
    • SailingAmerica's CupSailGP
    • Rowing
  • Lifestyle
    • All Lifestyle
    • Viva - Food, fashion & beauty
    • Society Insider
    • Royals
    • Sex & relationships
    • Food & drinkRecipesRecipe collectionsRestaurant reviewsRestaurant bookings
    • Health & wellbeing
    • Fashion & beauty
    • Pets & animals
    • The Selection - Shop the trendsShop fashionShop beautyShop entertainmentShop giftsShop home & living
    • Milford's Investing Place
  • Entertainment
    • All Entertainment
    • TV
    • MoviesMovie reviews
    • MusicMusic reviews
    • BooksBook reviews
    • Culture
    • ReviewsBook reviewsMovie reviewsMusic reviewsRestaurant reviews
  • Travel
    • All Travel
    • News
    • New ZealandNorthlandAucklandWellingtonCanterburyOtago / QueenstownNelson-TasmanBest NZ beaches
    • International travelAustraliaPacific IslandsEuropeUKUSAAfricaAsia
    • Rail holidays
    • Cruise holidays
    • Ski holidays
    • Luxury travel
    • Adventure travel
  • Kāhu Māori news
  • Environment
    • All Environment
    • Our Green Future
  • Talanoa Pacific news
  • Property
    • All Property
    • Property Insider
    • Interest rates tracker
    • Residential property listings
    • Commercial property listings
  • Health
  • Technology
    • All Technology
    • AI
    • Social media
  • Rural
    • All Rural
    • Dairy farming
    • Sheep & beef farming
    • Horticulture
    • Animal health
    • Rural business
    • Rural life
    • Rural technology
    • Opinion
    • Audio & podcasts
  • Weather forecasts
    • All Weather forecasts
    • Kaitaia
    • Whangārei
    • Dargaville
    • Auckland
    • Thames
    • Tauranga
    • Hamilton
    • Whakatāne
    • Rotorua
    • Tokoroa
    • Te Kuiti
    • Taumaranui
    • Taupō
    • Gisborne
    • New Plymouth
    • Napier
    • Hastings
    • Dannevirke
    • Whanganui
    • Palmerston North
    • Levin
    • Paraparaumu
    • Masterton
    • Wellington
    • Motueka
    • Nelson
    • Blenheim
    • Westport
    • Reefton
    • Kaikōura
    • Greymouth
    • Hokitika
    • Christchurch
    • Ashburton
    • Timaru
    • Wānaka
    • Oamaru
    • Queenstown
    • Dunedin
    • Gore
    • Invercargill
  • Meet the journalists
  • Promotions & competitions
  • OneRoof property listings
  • Driven car news

Puzzles & Quizzes

  • Puzzles
    • All Puzzles
    • Sudoku
    • Code Cracker
    • Crosswords
    • Cryptic crossword
    • Wordsearch
  • Quizzes
    • All Quizzes
    • Morning quiz
    • Afternoon quiz
    • Sports quiz

Regions

  • Northland
    • All Northland
    • Far North
    • Kaitaia
    • Kerikeri
    • Kaikohe
    • Bay of Islands
    • Whangarei
    • Dargaville
    • Kaipara
    • Mangawhai
  • Auckland
  • Waikato
    • All Waikato
    • Hamilton
    • Coromandel & Hauraki
    • Matamata & Piako
    • Cambridge
    • Te Awamutu
    • Tokoroa & South Waikato
    • Taupō & Tūrangi
  • Bay of Plenty
    • All Bay of Plenty
    • Katikati
    • Tauranga
    • Mount Maunganui
    • Pāpāmoa
    • Te Puke
    • Whakatāne
  • Rotorua
  • Hawke's Bay
    • All Hawke's Bay
    • Napier
    • Hastings
    • Havelock North
    • Central Hawke's Bay
    • Wairoa
  • Taranaki
    • All Taranaki
    • Stratford
    • New Plymouth
    • Hāwera
  • Manawatū - Whanganui
    • All Manawatū - Whanganui
    • Whanganui
    • Palmerston North
    • Manawatū
    • Tararua
    • Horowhenua
  • Wellington
    • All Wellington
    • Kapiti
    • Wairarapa
    • Upper Hutt
    • Lower Hutt
  • Nelson & Tasman
    • All Nelson & Tasman
    • Motueka
    • Nelson
    • Tasman
  • Marlborough
  • West Coast
  • Canterbury
    • All Canterbury
    • Kaikōura
    • Christchurch
    • Ashburton
    • Timaru
  • Otago
    • All Otago
    • Oamaru
    • Dunedin
    • Balclutha
    • Alexandra
    • Queenstown
    • Wanaka
  • Southland
    • All Southland
    • Invercargill
    • Gore
    • Stewart Island
  • Gisborne

Media

  • Video
    • All Video
    • NZ news video
    • Herald NOW
    • Business news video
    • Politics news video
    • Sport video
    • World news video
    • Lifestyle video
    • Entertainment video
    • Travel video
    • Markets with Madison
    • Kea Kids news
  • Podcasts
    • All Podcasts
    • The Front Page
    • On the Tiles
    • Ask me Anything
    • The Little Things
  • Cartoons
  • Photo galleries
  • Today's Paper - E-editions
  • Photo sales
  • Classifieds

NZME Network

  • Advertise with NZME
  • OneRoof
  • Driven Car Guide
  • BusinessDesk
  • Newstalk ZB
  • Sunlive
  • ZM
  • The Hits
  • Coast
  • Radio Hauraki
  • The Alternative Commentary Collective
  • Gold
  • Flava
  • iHeart Radio
  • Hokonui
  • Radio Wanaka
  • iHeartCountry New Zealand
  • Restaurant Hub
  • NZME Events

SubscribeSign In
Advertisement
Advertise with NZME.
Home / Business

Business Hub: Cert NZ's Declan Ingram on how to avoid a payment page hack

Chris Keall
By Chris Keall
Technology Editor/Senior Business Writer·NZ Herald·
25 Sep, 2020 05:45 AM6 mins to read

Subscribe to listen

Access to Herald Premium articles require a Premium subscription. Subscribe now to listen.
Already a subscriber?  Sign in here

Listening to articles is free for open-access content—explore other articles or learn more about text-to-speech.
‌
Save

    Share this article

    Reminder, this is a Premium article and requires a subscription to read.

Cert NZ deputy director Declan Ingram. Photo / Supplied

Cert NZ deputy director Declan Ingram. Photo / Supplied

Pandemic lockdowns have seen a boom in online retail.

But Declan Ingram, deputy director of the Crown's Computer Emergency Response Team (Cert NZ), is warning small businesses not to cut corners in their rush to reach customers over the internet.

Ingram says a case in point is a North Island small business - which prefers not to share its shame - that came a cropper after not following a key payment processing standard. keep reading.

It pre-dates the pandemic, but holds valuable lessons for those caught in the Covid rush to organise an "e-tail" presence.

Advertisement
Advertise with NZME.

It began when the business' owners noticed people had started to complain

their website's payment page was behaving oddly.

"An attacker had got into their website and changed the payment process," Ingram says.

"So when someone entered information into their cart for the things that they wanted to buy, and then and then clicked pay, it took them to the attacker's website, which was skinned to look exactly the same as the real website - but they intercepted and took all of the payment card details."

Advertisement
Advertise with NZME.

One of the owners - who requested anonymity - says, "Fortunately we identified the breach quickly and were able to act fast, meaning only a small number of our customers were affected. And by working with our bank we were able to avoid any financial loss for customers."

But the episode still left him around $100,000 out of pocket, which was made up of:

Discover more

Business

$30m Cryptopia heist: Liquidators likely heading back to court

21 Sep 05:55 AM
Shares

Cyber attacks: NZX launches alternative site

18 Sep 05:45 AM
Business

Pushpay founders back anti-money laundering startup's $8m raise

16 Sep 05:38 AM
Business

The NZ stock analysts are picking for a big rise

23 Sep 05:42 AM

• Approximately $30,000 to rebuild the website. They did a lot of the work themselves, otherwise, it would have cost them a lot more.

• Approximately $30,000 to get the necessary security measures in place so the website would be protected and secure (and meet PCI DSS requirements), such as contracting someone for ongoing penetration testing.

• Lost revenue from being diverted from the work they normally do to grow their business

• Lost revenue from a halt in online sales

There was also un-tallied reputational damage from its site being offline - "as it can be perceived that the business is not robust and reliable".

The business owner's initial DIY efforts to repel the cyber attacker actually seemed to go well.

Advertisement
Advertise with NZME.

The malicious code that had been inserted into their website was identified and removed.

But the hackers continued to access the website in a relentless attack.

After a few sleepless nights, it became apparent the attackers were not going away. The owners were forced to delete their website and begin the expensive process of starting again.

All about the PCI DSS

But at least this time they did it right.

"It was a heartbreaking decision to make after years of building our online business, but we knew it was the right thing to do to protect our customers," the owner says.

However, after talking further with their bank the business owner learned there were further steps they could have taken to prevent a cyber-attack by meeting Payment Card Industry Data Security Standard (PCI DSS) requirements - a term they had never heard before.

That puts our small business owners in good company.

A recent Colmar Brunton survey of 508 small businesses (around half with fewer than 20 staff and half with fewer than five), found 61 per cent had no knowledge at all about PCI DSS requirements. Only 17 per cent had a reasonable knowledge.

Of those who had an online store, 39 per cent had never heard of PCI DSS compliance. A further 16 per cent had heard of it, but didn't undersand what it was.

Established by an independent global body of major credit card companies in 2006, PCI DSS compliance is an international requirement for any organisation that accepts, transfers or stores customer payment data. It states that website owners are responsible for protecting customers' card information, even when they use a third party payment gateway.

PCI DSS is a list of requirements that, when followed, will put organisations in a strong position to defend themselves against attackers trying to steal customers' credit card details, Ingram says.

For a business owner this means taking the guesswork out of what they need to do, and having specific measures in place and documented to share with service providers, detailing exactly what is needed for security.

A small business owner should talk to their bank to be clear about their PCI DSS obligations, and whether their e-commerce site meets them, Ingram says.

"It's important to know that, as your business grows, so too do your website security requirements," says the owner. "Your web developers and third-party providers are not responsible for your website's security, you are by ensuring you meet PCI DSS requirements."

It may take a bit of effort to protect a business website, Ingram says, but this is a drop in the ocean compared to the time and money it takes to come back from a cyber-attack. Taking precautions now can mitigate security risks and the level of damage caused if a website is breached.

Cert NZ's top 3 tips for secure online retail

1. Make sure your e-commerce site is PCI DSS compliant

2. Make sure your web developer builds a site that supports secure communication. Look for a website address (URL) that begins with "https" rather than just http - the "s" is for secure. "That gives your customers a little bit of extra protection, because it means that the information being sent between them and your web server is encrypted and can't be viewed by other parties, Cert NZ deputy director Declan Ingram

says.

3. Use, long, unique and complicated passwords for every online service you access. You won't be able to remember them all, but that's where password management software comes in (where you only have to remember one password to access a service that will autofill for all your accounts). Cert NZ doesn't not make recommendations for specific brands, but a recent New York Times round up found 1Password the best.

It said LastPass, Dashlane and Bitwarden were also good options.

4. Keep all of your software up-to-date, with the latest security patches applied. Cert NZ offers an email alert service, giving you heads up when security holes are discovered in popular software.

5. Use "two-factor authentification" for the administrative functions of your website. For example, when not just a password but a code texted to a cellphone is needed to make changes to key settings.

Save

    Share this article

    Reminder, this is a Premium article and requires a subscription to read.

Latest from Business

Media Insider

TVNZ boss on the future of the 6pm news, Shortland Street - and a move into pay TV

19 Jun 09:37 AM
Premium
Shares

Market close: GDP beats forecasts but NZ sharemarket dips

19 Jun 06:24 AM
Premium
Business

Innovation milestone: NZ approves lab-grown quail for consumption

19 Jun 04:34 AM

Audi offers a sporty spin on city driving with the A3 Sportback and S3 Sportback

sponsored
Advertisement
Advertise with NZME.

Latest from Business

TVNZ boss on the future of the 6pm news, Shortland Street - and a move into pay TV

TVNZ boss on the future of the 6pm news, Shortland Street - and a move into pay TV

19 Jun 09:37 AM

Will this be Simon Dallow's swansong year as the 6pm newsreader?

Premium
Market close: GDP beats forecasts but NZ sharemarket dips

Market close: GDP beats forecasts but NZ sharemarket dips

19 Jun 06:24 AM
Premium
Innovation milestone: NZ approves lab-grown quail for consumption

Innovation milestone: NZ approves lab-grown quail for consumption

19 Jun 04:34 AM
$162k in cash, almost $400k in equipment seized in scam crackdown last year

$162k in cash, almost $400k in equipment seized in scam crackdown last year

19 Jun 04:29 AM
Gold demand soars amid global turmoil
sponsored

Gold demand soars amid global turmoil

NZ Herald
  • About NZ Herald
  • Meet the journalists
  • Newsletters
  • Classifieds
  • Help & support
  • Contact us
  • House rules
  • Privacy Policy
  • Terms of use
  • Competition terms & conditions
  • Our use of AI
Subscriber Services
  • NZ Herald e-editions
  • Daily puzzles & quizzes
  • Manage your digital subscription
  • Manage your print subscription
  • Subscribe to the NZ Herald newspaper
  • Subscribe to Herald Premium
  • Gift a subscription
  • Subscriber FAQs
  • Subscription terms & conditions
  • Promotions and subscriber benefits
NZME Network
  • The New Zealand Herald
  • The Northland Age
  • The Northern Advocate
  • Waikato Herald
  • Bay of Plenty Times
  • Rotorua Daily Post
  • Hawke's Bay Today
  • Whanganui Chronicle
  • Viva
  • NZ Listener
  • Newstalk ZB
  • BusinessDesk
  • OneRoof
  • Driven Car Guide
  • iHeart Radio
  • Restaurant Hub
NZME
  • About NZME
  • NZME careers
  • Advertise with NZME
  • Digital self-service advertising
  • Book your classified ad
  • Photo sales
  • NZME Events
  • © Copyright 2025 NZME Publishing Limited
TOP