Websites are under constant attack from hackers. Sites hosting loyalty and incentive programs are prime targets, given they manage the currency of points. Protecting against those attacks is a critical function of any company hosting loyalty and incentive program websites.
It's critical to take site and data security very seriously. Are your program databases and websites hosted at secure data centers, with rigorous security controls regulating physical and electronic data access? Does your data center include security measures such as biometrics and the latest electronic access systems? Is access to data centers and client data granted to employees on a ‘need to’ basis only? Are regular security audits conducted at each data center?
Both internal and external penetration testing is critical to detect vulnerabilities and threats, including deep testing of web apps on the perimeter, internal networks, remote and mobile devices, and other instances with authenticated and complex scans. Testing should seek to detect OWASP Top 10 risks such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and unvalidated redirects. Many loyalty and incentive program tech teams also test using WAS’ SOAP and REST API scanning capabilities.
Do you have a confidential disaster recovery (DR) plan in place? Do you comply with standards for PCI DSS, HIPAA, Sarbanes-Oxley, and other regulations as needed?