Attacks on the Point-of-Sale Systems

The credit card and debit card data theft is one of the earliest types of cybercrime that still persists today. A lot of these cybercriminals setup such elaborate operations to harbor thousands and thousands of data before they decide in selling them in the black market.

The stolen data are being used by these criminals using the card’s magnetic strip to create clones. This is a real lucrative business selling these cards with one card priced up to US$130.
How these attackers steal these data is through the use of several routes. One of the options that these attackers are able to gain access to is the point-of-sale system’s (POS) database. Another way is to target the point where the retailer first gets the card data, and that’s the POS system.

Now, one of the biggest sources of stolen credit cards for the cybercriminals is the point-of-sale malware. This had been going on recently and the threat from the POS malware has slowly creeping. Attackers have sharpened their methods of accessing data, which gives way to big security breaches since 2013. The breach had compromised to more than 100 million credit and debit cards in the US as was reported.

Despite all the data security improvements due to the advanced technologies, there are still a lot of gaps in point of sale systems security. Along with the weakness in the overall security in the IT infrastructure, retailers are finding themselves more and more exposed to the cybercriminals. There is a thriving market for all these stolen credit card and debit card information.

The Evolution of the Security Threat

Although there are several POS transactions that are being carried out in cash, but a huge of portion of the transaction is being made by customers swiping their cards. A lot of these card swiping machines are standalone devices, but for these modern Point-of-Sale systems especially for the larger retailers have an all-in-one systems that is able to handle a wide range of customer transactions which involves sales, gift cards, rewards, promotions and returns.

POS Security Concerns

– Accessibility especially when it comes to payment card handling where it requires strict security to protect the data from getting accessed in the system’s database.

– The lack of point-to-point encryption (P2PE). When a card is swiped when making a purchase, the data on that card which is inside the magnetic stripe and then passes through several systems and networks before it ever reaches to the retailer’s payment processor. If this data passes over a public network, a good POS system should have a stronger security like the Secure Sockets Layer (SSL) to protect the data. SSL encrypts the data.

– Vulnerabilities with the Software especially with old POS machines that are still running old operating systems. These machines under these old OS are vulnerable to attacks.

– Malicious Code Susceptibility especially for those POS machines that are run by Windows, they are capable of running any malware that runs on Windows. So most of these attackers do not need to have specialized skills to target the point of sale systems with malwares that are not designed for these machines, but can be easily be repurposed in order to run against them.