Merchant POS Sites Offer Hacker Heaven

by Raymond Pucci

There are two kinds of merchant POS stations—those that have been hacked and those that will be. As the following article relates, payment transaction data offers a treasure trove for fraudsters to ply their trade.

Every day, with every swipe of a credit card and every voluntary disclosure of personal data, individuals are putting themselves at risk.

An immeasurable number of organizations have sensitive personal data, such as credit card info, on file. But the reality is, nothing from the staples of American strip malls, such as Target, Home Depot, Whole Foods and Sonic, to mom and pop shops is safe from breaches.

Point of sale (POS) system breaches continue to dog retailers and customers, despite many industry best practices. Large swathes of credit card data make POS systems an appealing and highly profitable target for hackers, and companies need to fortify their bottom line security to avoid the common mistakes that result in most breaches.

Retail, hospitality and restaurant businesses, among others, use POS software to track sales, cash flow, inventory and other related data. No modern sales-based company can operate solely with a traditional cash register thanks to the rise of credit cards and digital payments.

But the average consumer would be hard pressed to find a single one of their cards which has not been used at a merchant with a compromised POS system. “Organized crime gangs have so completely overrun the hospitality and restaurant point-of-sale systems here in the United States that I just assume my card may very well be compromised whenever I use it at a restaurant or hotel bar/eatery,” said Brian Krebs in his review of the 24×7 Hospitality Technology POS breach.

In fact, approximately 23% of breaches take place through a POS system, according to Stephen Boyer, CTO and founder of BitSight Technologies, which rates companies based on cybersecurity performance. But merchants are not always immediately at fault for a breach.

POS systems are often contracted out to third-party providers, which lessens the IT burden on a company but places security in the hands of an outsider. Based on varying estimates, roughly 60-70% of POS breaches involve a third party, according to Boyer.

Criminal hackers prey on POS terminals because, well—that’s where the money, or cardholder data, is. Larger merchants are especially vulnerable due to the multi-terminal stores they operate, including unattended checkout counters. Hospitality businesses often have POS terminals in remote areas of their properties. Then there is also the issue of the many third-party vendors that have access, although limited, to merchant IT systems. Lesson learned: hire and stay close to a security and fraud management firm.

Overview by Raymond Pucci, Associate Director, Research Services at Mercator Advisory Group
