
Wednesday, 16 September 2015

Point-of-sale Security - how to avert retail cyber attacks




As point-of-sale systems adopt new-age retail POS software, retailers will have to brace themselves for the security threats that may come with it. Devices that handle credit and debit card information are under constant threat from cybercriminals who want to steal such data.

New and emerging retail POS and retail CRM technologies are enabling retailers to exceed customer expectations. The customers in turn demand greater convenience and value. Greater convenience comes through greater connectivity between retailers and customers across multiple touchpoints, be they channels, locations or devices. And such gratifying levels of connectivity offer convenience not only to consumers, but also to cybercriminals.

Lately, connected point-of-sale (POS) systems have been heavily targeted by cybercriminals, and viruses designed specifically for this purpose are a further indication that all kinds of connected devices may now be susceptible to attack.

For more than 80,000 customers around the US who bought a $5 footlong sandwich at Subway, the second largest fast food chain with over 32,000 outlets in 90 different countries, it was a ticket to having their credit card data stolen. A band of Romanian hackers later pled guilty to having stolen payment card data from the point-of-sale (POS) systems of hundreds of businesses, including more than 150 Subway restaurant franchises and at least 50 other retailers, using 'sniffing' software to make illicit charges. Those retailers made it possible by practically leaving their transaction information freely open to the Internet, letting the hackers ring up over $3 million, as mentioned in this article.

The cyber attacks on US retail giants Target, Neiman Marcus and Michaels Stores - which involved malware on POS systems - had a profound impact on sales and consumer confidence in the safety of credit-card information at retail POS terminals. Potential hauls for successful cybercriminals provide plenty of motivation to target POS.

"Retail cybercrime is the crime of the future," says Dave Marcus, director of security and communications at security software firm McAfee. "Instead of coming in with guns and robbing the till, criminals can target businesses, root them from across the planet, and steal digitally."

As retail businesses adopt more omni-channel retailing methods such as e-commerce, m-commerce, social selling, and mobile payments, standard online and mobile payment frauds also pose a problem, exposing confidential information and credit card data of the customers. This means that retailers could soon find themselves being attacked both online and on the high street.

Despite this worrying trend, by translating the same principles of security from the real world to the POS network, a security defence strategy can be put in place to prevent cyber criminals from gaining access to your sensitive, valuable data.

The ‘POS’tulates to be followed to avert cyber security attacks on retail POS systems are:

• Create a response plan that will potentially address the incident of a cyber-attack. Test the execution of this response system on a periodic basis.

• Perform a thorough audit of sensitive and confidential data to keep a record of its storage locations on the network as well as its instances and volumes. This gives an understanding of where the valuable information is held.

• Get rid of any unauthorized instances of the sensitive data based on the company’s information governance policies, so that the exposure of such data is minimized.

• Create and regularly update standards of normal activity for each endpoint.

• Employ specialists who deal with information security to proactively fish out anomalies in real-time reports that are generated. These should be considered as signs indicating that the network’s security has been compromised and the attackers have access to the data.
