OREL, predictive platform for malware propagation
BOTECH FPI S.L. has received funding for its research and development project of the predictive platform for malware propagation (OREL) through the Centre for Industrial Technological Development (CDTI), with aid co-financed by the European Union through the European Regional Development Fund (ERDF).
Internet usage has increased enormously in recent years, both at the domestic and business level. This has also led to a rise in malware attacks and intrusions in IT systems worldwide. Furthermore, under the current circumstances caused by the global COVID-19 pandemic, the internet has become an important weapon for cybercriminals.
Exploiting the collective concern caused by the coronavirus pandemic has proven to be a goldmine for cybercriminals, who launch attacks through malicious applications, phishing campaigns, scam websites, and apps with malicious trackers that affect Android and the Google Play Store.
With the OREL project, BOTECH aims to develop a platform for creating detection engines based on Machine Learning for advanced Android malware, with these detections feeding the malware propagation prediction model. Among the platform’s capabilities are the automation of data acquisition and indexing, the prediction of digital epidemics thanks to the developed prediction algorithm, a prediction engine based on Machine Learning technology, and a working environment for creating Android malware detection engines.
Project details:
The answer to this question can be summed up in just two words: it is necessary. Moreover, if the standard is not followed and the business suffers an attack, it will be exposed to strict audits, significant penalties, and even the loss of its authorization to process cards. In other words, the lifespan of the online store would come to an unforeseen end shortly after launching. Therefore, every measure should be welcomed, especially knowing that between 2020 and 2021 the number of cyberattacks on retail businesses increased by 117% compared to 2019, according to a study by Positive Technologies. These attacks mostly targeted customer data and, in 2021, more than half were aimed directly at stealing money.
So, if you're wondering “why is it so important to comply with the PCI DSS standard when launching my online store?”, you should know that it proposes twelve requirements that businesses must meet to ensure the security of payment card transactions (whether debit or credit) and thus prevent fraud. As we have just seen, cyber threats have proliferated around new e-commerce platforms, and payment systems are one of the main targets.
If you are working on launching an online store, you probably already know that it is necessary to comply with this standard so customers can pay with their cards. The next step is not only to achieve PCI DSS certification but also to provide maximum security for potential customers. There is no doubt that if word spreads that an online store does not offer secure payment guarantees, buyers will disappear—and all efforts and investment in the business will be wasted.
To prevent this from happening, we recommend relying on expert consultancy that simplifies the process and ensures everything is done correctly, as you could lose valuable time that could be spent on other tasks focused on your company’s core business.
To obtain PCI DSS certification, your business must meet several requirements (twelve, to be precise), which fall under the following objectives:
As you can see, this is not a one-time task but an ongoing effort (hence the annual review), since cyber threats evolve constantly. It should never be forgotten that the goal is not only to obtain the certificate but also to provide maximum security to your customers.
A clear example of these cyberattacks is the practice known as web skimming, which increased by 150% between May and November 2021 and consists of installing malware on e-commerce sites to steal credit and debit card data.
At this point, you should also know that there are different certification levels, since not all businesses process the same number of transactions. Most new online stores begin with PCI DSS Level 4 Certification, which is intended for organizations that process fewer than 20,000 online transactions per year.
The remaining levels are:
In short, if you are planning to launch an e-commerce business that accepts card payments, you must adapt your store to the requirements of the PCI DSS standard. Only then will transactions be secure and provide trust to your customers. If you need more information, don’t hesitate to contact our specialists.