The most famous recent case of retail cybercrime came in December of 2013, when Target released a statement that a hacker had been able to gain access to their POS system and steal more than 70 million customers' debit and credit card numbers.
This breach caused the CEO and CIO of the company to lose their jobs. It was revealed that there were measures they could have taken to prevent the attack.
If they had used an auto-eradication feature in their FireEye anti-malware system, then it could have caught the malware code before the data was taken.
There are many different ways for a hacker to exploit a network or system. For small business owners, the threat is even greater.
Let’s look at the top eight ways hackers get into POS systems so that you can keep your business safe.
What it Does
Many people don’t understand how malware is so destructive. But it can directly affect your customers. If your company is hacked, it will be publicized immediately once it’s discovered by someone outside of your organization.
The collateral damage from this could include card associations, banks, issuers, customers, and your insurance company.
The primary target of attacks on your POS system is the credit card data that is stored on it. Once a criminal gets ahold of that kind of information, they are able to virtually create credit cards and then go on an internet spending spree.
They may also use the credit card numbers in different ways like selling them in bulk to other thieves.
Encryption Keys with No Hardware Security Module
One of the worst mistakes you can make when managing customer user data is storing it in the same location where you have your encryption information stored. You will have made everything easy to access in one swipe for a hacker.
Instead, you should physically keep your encryption key data away from your user data.
If you are looking for a way to store your encryption data, you should try a hardware security module. This is a physical device that attaches directly to your computer or server to access your POS system data after it has been uploaded to your company’s network.
This will add another step to your data offloading process. But it won’t be as hard as trying to explain how your customers’ data ended up in the hands of a criminal.
Business Networks with Unsegmented POS System Data
If your business uses a corporate network for sending system and security updates to your POS devices, then you are putting your business at risk. A hacker could easily gain access to your network and then have access to all of this data.
Companies with large IT departments separate these networks and then create small pathways for the POS data environment to connect to the business network to make system changes. This is the optimal security setup.
But that is an expensive configuration. Smaller organizations often opt for a multifactor authentication system instead. It also connects a business network to a POS device. For a company with a modest IT budget, this is your best option.
It’s important to note here that businesses that offer free Wi-Fi to their customers shouldn’t run their POS system on the same network. A hacker can sit down with a latte and find their way through a backdoor to your data.
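As an added example (not part of the original article), here is one way to check a firewall allow-list against the layout described above: the POS range must not overlap the business or guest Wi-Fi ranges, and only declared management pathways may reach it. The zone names, address ranges, hosts and ports are constructed assumptions.

```python
import ipaddress as ip

def audit(zones, rules, mgmt_sources, mgmt_ports):
    """Return findings for a zone map and a list of (src, dst, port) allow rules."""
    findings = []
    pos = ip.ip_network(zones["pos"])
    # 1. The POS range must not share address space with any other zone.
    for name, cidr in zones.items():
        if name != "pos" and pos.overlaps(ip.ip_network(cidr)):
            findings.append(f"overlap: pos shares address space with {name}")
    # 2. Any allow rule that can reach the POS range must be a declared pathway:
    #    a known management source on a known management port.
    allowed = [ip.ip_network(s) for s in mgmt_sources]
    for src, dst, port in rules:
        src_net, dst_net = ip.ip_network(src), ip.ip_network(dst)
        if not dst_net.overlaps(pos) or src_net.subnet_of(pos):
            continue  # rule does not enter the POS zone from outside
        if not any(src_net.subnet_of(a) for a in allowed):
            findings.append(f"source: {src} -> {dst}:{port} is not a management host")
        elif port not in mgmt_ports:
            findings.append(f"port: {src} -> {dst}:{port} is not a management port")
    return findings

# Constructed sample data: every range, host and port below is an assumption.
ZONES = {
    "pos": "10.20.0.0/24",
    "business": "10.10.0.0/16",
    "guest_wifi": "192.168.50.0/24",
}
MGMT_SOURCES = ["10.10.5.10/32"]   # hypothetical update server
MGMT_PORTS = {8530}                # hypothetical update port
RULES = [
    ("10.10.5.10/32", "10.20.0.0/24", 8530),    # declared update pathway
    ("10.10.0.0/16", "10.20.0.0/24", 445),      # whole business LAN to POS
    ("192.168.50.0/24", "10.20.0.0/24", 443),   # guest Wi-Fi to POS
    ("10.10.5.10/32", "10.20.0.0/24", 3389),    # right host, undeclared port
]

if __name__ == "__main__":
    for finding in audit(ZONES, RULES, MGMT_SOURCES, MGMT_PORTS):
        print(finding)
```

Run against the sample rules, it passes the single update pathway and flags the other three rules.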
Running on an Old Operating System
Upgrading to Windows 10 can seem like a big change, but it’s a necessary one. Support has ended for many of the older versions. That means that the company will no longer release patches or updates for that system.
As security problems arise, nothing will be done. Make sure that you update to the latest software so that your data is protected with the latest updates.
Using Default Manufacturer Passwords
Many people think that since the manufacturer password is often a random series of numbers and letters, you don’t have to change it.
But this is an incorrect notion. Hackers have pulled lists of these passwords before from the network of your POS system manufacturer.
Change the password as soon as you hook the device up to your software to be safe.
When you buy devices to use with your POS system, it can be tempting to buy a product that seems like a really good deal.
But you should make sure you pair with a company that has a solid reputation. There have been fraudulent devices out there that are set up to steal your customers’ data.
The devices give criminals direct access to that data without you knowing anything happened.
One sign that a device may be fraudulent is if it says that many customers’ transactions can’t be finalized. This makes the customer think that something is wrong with their card or your system when in reality, the device is pulling the customer’s data to a server somewhere.
Malware Via Phishing
Make sure that you train your employees not to open any emails that look suspicious. Hackers can embed links in emails that give them access to your system.
Once a hacker has taken control, they can access your entire network and gain access to your customer data.
If you took our previous tip and didn’t store your POS data on the same network, then you will be in luck. But you could still be in danger of a hijacked computer remotely connecting to a POS device near it.
RAM scraping is an old-fashioned attack style. It happens when an attacker rips credit card data from your devices before their memory is transferred to your network and encrypted.
This kind of attack can also be prevented by keeping your POS system on a different network from your business network. You should also have firewalls in place.
POS System Services
It’s important to stay up-to-date with recent security advances by updating your POS devices and network security.
If you are ready to get serious about your business’ safety and you are looking for professional help, check out our services today.