According to Information Age, point-of-sale (POS) attacks are more prevalent than ever, as these systems remain a well-known target for hackers seeking sensitive information.
POS hacks are one of the top nine breach types, according to the 2014 Verizon Data Breach Investigations Report.
Many of these attacks are carried out by placing malware on POS tills that captures payment information while it is held in temporary memory. Hackers then use a remote connection to extract the card information. Some hackers are able to develop this kind of malware themselves, while others buy it off the internet.
This extraction can be carried out by a variety of means, including RAM scrapers and keyloggers.
A new POS attack of this nature is being called Oracle MICROS, attacking over 330,000 customer sites, including retail and hospitality sites. Many experts are worried about this type of attack because it can be easily reconfigured to target other types of POS systems in the future.
Business owners should take heed of simple advice from Rapid7 security engineering manager Tod Beardsley: “End users of these systems need to start demanding reasonable security from their vendors that includes easy-to-use ‘first boot’ procedures to custom configure their enterprise, a reasonable patch management schedule, and regular updates against known threats vulnerabilities.”
In addition to this advice, keep these four tips in mind for optimal POS security:
- Ensure only authorized employees are allowed to enable POS materials and other secure information.
- Focus on malware detection.
- Regularly update point-of-sale software as changes are released.
- Use strong password encryption for secure access on POS devices.