Beware: Hackers Are Targeting POS Systems

According to a recent report from Verizon, last year hackers were specially active targeting Point-Of-Sale (POS) systems. In fact, along with web apps, these payment terminal systems were actually the number one target for hackers. This report had 50 global companies contributing, 1,367 confirmed data breaches and 63,437 security incidents.

Retailers should realize that building their own POS apps or opting for a given POS system on the market may bring security risks. According to Verizon's Paul Pratley, "a lot of attackers simply look for vulnerable victims on the Internet and deploy automated attacks".

The recent episode affecting Target showed that data breaches can be pretty harmful and cause, in a quick and effective way, important declines in the consumer's trust and leading to major financial losses. So, it is important for companies and retailers to look at POS security, both online and offline, as a top priority.

As we can see in the graphs below, the most popular type of POS systems attack is RAM-scraping malware, which grabs payment card data while it is being processed in the memory, before being encrypted. But online payment systems are also targeted, with Verizon recommending several actions to improve security, like avoiding single-factor authentications, fixing vulnerabilities, monitor outbound connections, and so on.

So, for all you inventors and retailers out there, do not think that "this only happens to other people". These security issues are very much real, and can affect the retailing giants or the small online stores just as easily. As Point-Of-Sale systems become an increasing target for hackers, business owners should be more educated and take retail courses that will provide better resources and train vendors.

What do you think about these security problems, and the ways to prevent them? Let us know in the comments.

May 5, 2014
by Anonymous

You should make a machine to

You should make a machine to trap hackers and corporate company's need not to move large or small transaction all at one time confuse hackers with ghost accounts but have more secure accounts with clients change codes often