It may seem like the hacking of cash register systems, or POS systems, are a thing of the past, but in reality they are still very much alive today as statistics gathered by the 2017 Data Breach Investigations Report by Verizon have shown that while attacks on POS systems have proportionally gone down, there is still a thriving market for stolen cards. The report reveals that POS attacks made up only 6.7% of the total breaches this year. But with the holidays right around the corner, it might be time again to review why POS systems are still vulnerable and what retailers and manufacturers can do to protect their POS systems.
How are POS systems hacked?
A POS system hack is no different from a regular computer system hack; while some hackers may chose to attach a monitoring device to the POS system itself, a better way to elicit even more gains would be through remote hacking. Typically, hackers gain access by installing RAM (random-access memory) scanners to access the memory of the computer system and obtain customers’ card data after debit or credit cards have been swiped at the terminals.
In a matter of seconds, the attackers can gain access to card information to be used for malicious purposes like selling the information through an online black market. But not all of these systems come in the form of dedicated POS terminals. Sometimes these POS systems run on Windows, meaning hacking malware can be introduced to a system.
What about secure chip card readers?
Payment cards with only magnetic stripes make it easy for hackers to steal card information. When swiped at one of the terminals, the card number, expiration date, and the security code are all collected, which means a hacker who hacks the terminal has all the information he or she needs to create and sell “fake” payment cards. With the secure chip card, however, dynamic crucial security codes are utilized, changing each time the card is used. This makes it a lot harder for hackers to use the card. Stolen card details are also worth much less on the black market.
While cards with chips are considered safer, a major problem is that many businesses are reluctant to switch over to chip card readers. It takes a lot of manpower, time, and resources (i.e money) to make the switch. In fact, only 44% of retailers are utilizing chip card readers on their POS systems. Then there is also the fear that instilling new security/software patches will temporarily disable the POS systems, affecting sales. As a result, retailers are hesitant to make a change to their existing POS systems.
Protecting POS Systems
Having retailers switch over to secure chip readers would be ideal, but as mentioned there are challenges that come with this change. It’s not all about the retailers; some shoppers will choose to swipe their card through the magnetic stripe even if they have a chip card. Luckily, there are several other ways in which these stores can protect their POS systems. One way a hacker may gain access to the system is through keylogging, which uses a type of spyware that secretly logs keystrokes. By adding protection with anti-keylogger software, POS systems running on Windows, for example, will be protected from hackers attempting to gain access.
Retailers can also implement remote takeover protection to prevent hackers from even viewing or accessing the POS network. This kind of technology would intercept an attack and switch the default desktop screen to an isolated screen, thereby preventing hackers from viewing anything on the desktop where they might otherwise have access to the databases. Retailers must also remember that protecting the terminal environment is just as important as safeguarding the network.
Keeping staff informed is another excellent practice that doesn’t require overhauling the existing POS system. Consider training employees on keeping POS equipment from being tampered with by referring to free information sources online (check out this guide by the Payment Card Industry Small Merchant Task Force).
POS security is something that affects everyone, whether they’re retailers or buyers. Everyone remembers the huge Target hack that led to the data leakage of over millions of people. It still continues to be regarded as one of the largest data leaks of our time. While attacks against POS systems are decreasing, it doesn’t mean they will fade out anytime soon. Cybercriminals will continue to target vulnerable POS systems as long as there is a market for stolen credit cards.
Customers should be aware of the risks and consider changing to more secure chips in their credit cards if the option is available. The holiday season is a particularly targeted time for cybercriminals to make the most gains. If you’re a customer and want tips on how to protect yourself during the holiday season, check out Penta Security’s blog post on how “SANTA” keeps you safe while holiday shopping.