Datacap Logo

POS security breaches still a problem in post-EMV world

Payment card and point-of-sale security are major issues in the retail world today. The number of attacks on systems that hold sensitive personal information is increasing with each successive year.

In 2014, 783 data breaches were reported to the Identity Theft Resource Center – a 27.5 percent increase over the number of issues the previous year. The problem is serious in the United States: 47 percent of the world’s credit card fraud happens here despite only 24 percent of the world’s credit cards being located in the country, according to Barclays, CreditCards.com reported.

The payment card industry attempted to stymie these attacks in Oct. 2015 by instituting a new security standard on all credit card transactions, the EMV chip-enabled credit card. Named for card issuers Europay, Mastercard and Visa, this chip creates a unique identification number for each transaction it processes. This approach makes it much more difficult to steal the information contained on the card to create a counterfeit one.

 Pad locks

The number of breaches and instances of fraud should begin to improve as the EMV protocol takes over and fewer cards use the old, magnetic stripe technology. But retailers should still be ready and vigilant about their systems and the ways they are protected.

Make a plan
A company should not be caught unprepared in the event of a serious data breach. The risks are real for any organization with a point-of-sale system, and pre-planning can save a lot of headaches.

Leebro POS recommended clearly spelling out what the company defines as a breach, and then detailing the steps of what to do about it. The plan should start with contacting the bank to inform them of the issues according to Trustwave. Next, a business should stop all payment processing on affected systems and switch over to non-integrated terminals, which can be provided by the bank. Lastly, the company should contact the United States Secret Service and a PCI forensic investigator to handle the investigation of the crimes.

Cover the endpoints
Every point-of-sale terminal, as well as any other piece of equipment in an organization’s payment environment that is connected to the Internet in any way, is vulnerable to being hacked, according to Leebro POS. Once hackers have a way into the corporate network, they are able to do their work relatively invisibly, so stopping them at the entrance is key. Making sure that the point-of-sale systems are separated from the Internet by a firewall is a good first step, and keeping the POS segmented from the rest of the corporate network is crucial.

The endpoint security sweep should extend to devices that are brought into the organization from outside. The concept of “bring your own device” has become a popular way to allow employees freedom at work, but be certain that they are checked for security issues before they connect to the corporate network.

Keep up to date
The final step in attempting to mitigate the dangers of point-of-sale attacks is to be sure that the system itself is not vulnerable in any way, according to Leebro POS. Retailers should be certain that the passwords being used are strong – at least seven letters long and containing one capital letter, one number and one symbol – and changed frequently. Companies should also ensure that the point-of-sale system’s software is regularly updated, as they are often patched to stop newly discovered exploits. Lastly, systems should be equipped with strong virus scanners able to detect any malware that makes it past the other precautions.