Technology has greatly improved our quality of life in many ways – but it has also made us targets for cyber crimes like identity theft. A simple, everyday act like paying for groceries could turn into a credit card fraud nightmare.
Point-of-Sale or POS intrusions are one of the biggest causes of data breaches, and those breaches come with staggering costs. Counterfeit card fraud costs the U.S. $7.86 billion in 2015, according to The Nilson Report. In 2015, card issuers lost $4.91 billion and merchants lost $2.95 billion to counterfeit card fraud. And many retailers will permanently lose their otherwise loyal customers because of POS intrusions and cyber crimes.
So how can we secure POS systems?
What Industries Are Most Vulnerable to Point-of-Sale Malware Attacks?
Retail and accommodations industries are particularly vulnerable to POS Intrusions. According to Verizon’s 2017 Data Breach Investigations Report, the retail and accommodation industries account for 15% of all POS intrusions in the last 10 years. Some of the reasons for these attacks are due to:
- Code and technique sharing by cybercriminals
- Swipe only POS systems
- POS systems that are not encrypted
- Weak antivirus programs
What Makes POS Systems Vulnerable to Data Breaches?
According to the 2016 Verizon Data Breach Report, more than 70% of 2015’s retail data breaches were from POS intrusions. Think about it: millions of POS systems, right now, are receiving highly confidential data used for processing credit and debit card purchases in open, public spaces like malls, grocery stores, and other retail locations. POS Systems are vulnerable because of their easily accessible locations.
But it’s not just credit card numbers and their expiration dates that are at risk. As retailers work to improve customer experience and provide omnichannel shopping opportunities, POS technology now has access to:
- Customer name
- Phone number
- Date of birth
- Loyalty program membership info
- Employee data
In short, POS technology is a candy store to cyber criminals who are trying to steal payment card and personal data.
POS hardware also puts retailers at risk for the Meltdown and Spectre hardware flaws. This is due to flaws in the chips installed in the hardware to increase data processing speed. Specifically, these flaws could lead to the exposure of passwords and encryption keys and ultimately compromise cardholder payment data.
What Can Retailers Do to Prevent POS Intrusions?
Here are 4 things retailers can do to decrease their risk of point-of-sale malware attacks.
1. Lock Your POS Devices and Secure USB Ports
Prevent the POS devices from being picked up or moved to a different location by attaching the device to the counter and/or lock it. You can also use alarms or disable the devices if they are removed from the store.
You should also ensure that the USB ports cannot be accessed. Mobile POS devices and their charging racks are particularly vulnerable to attacks via USB ports. Best practices dictate that you should disable the ports except for when they are plugged into an authorized device.
2. Access Control & Passwords for Your POS Devices
Ensure that employees frequently change passwords/do not share passwords and disable default logins.
A January 2017 study by Vanson Bourne found that 85% of IT Professionals say that the weakest link in security is a failure to follow policies and procedures for protecting passwords. Per Verizon’s 2017 Data Breach Report the use of stolen credentials (passwords) for POS intrusions increases every year. The most successful retailers identify and implement simple and robust solutions for balancing password security.
3. Replace Your Outdated POS Devices
Replace older devices with new devices that can disable USB ports.
Retailers at risk to the Spectre and Meltdown threats might be looking at downloading patches onto the hardware –but this may not eliminate the threat or may cause your old POS system to run very slowly. Furthermore, patches and upgrades will not be available for many older POS devices or POS devices that have Windows XP embedded in them.
4. Keep Your Antivirus Programs Current
It seems like there’s a new virus created every day, and there will always be a lag between the virus release and the creation of the antivirus. Minimize the threat to your POS systems by updating all hardware as frequently as possible with the latest antivirus software.