Retailers beware: data hackers are watching you. As the following article describes, POS systems within the retail industry are key areas of vulnerability for fraudsters.
The largest share of data breach incidents involved the retail industry, closely followed by food and beverages, according to a new report. The 2017 Global Security Report from Trustwave shows that 22 percent of incidents involved the retail industry, followed by food and beverages at 20 percent. Incidents involving point of sale (POS) systems also increased from 22 percent in 2015 to 31 percent in 2016. POS breaches are more common in North America, which has been slower than the rest of the world to roll out the EMV chip, suggesting that hackers are keen to exploit the weakest target.
“The statistics show that POS attacks have actually gone up,” says Brian Hussey, VP of cyber threat detection and response, SpiderLabs at Trustwave. “You’d expect them to be going down as we’re slowly rolling out EMV in the United States. The POS style attack is seen much less in places like Europe and Australia where EMV roll out is more widespread. What’s interesting is that there are still the same amount of attackers, they know EMV is rolling out and are focused on targeting the remaining swipe systems because they know their victim pool is diminishing.”
There is good news in that companies are detecting intrusions more quickly. The number of days from an intrusion to detection is down from 80.5 days to 49. Breaches are being contained faster too, with an average of 2.5 days from detection to containment.
“Companies are getting better at threat detection,” adds Hussey. “More and more companies have expert resources to call on as they’re contracting out incident response and this has a big impact on bringing down malware’s ‘dwell time’. Threat hunting as an industry has really taken off, companies assume the attack is coming and many assume it’s already there, so they invest in protection and threat hunting.”
Left unsaid in this article are the data breaches that occur away from the POS, in company networks and back office servers that are hacked into by fraudsters who come away with thousands of payment card records. This data then becomes the source of attempted card-not-present fraud for e-commerce transactions. No doubt merchants need to increase their vigilance and IT resources to fight back. Once stolen card data gets into the hands of fraudsters, merchants must rely on security software firms that use machine learning algorithms to thwart attempted card-not-present purchase transactions.

Overview by Raymond Pucci, Associate Director, Research Services at Mercator Advisory Group