POS systems may have hidden vulnerabilities
April 10, 2015

Retailers need to ensure their point-of-sale systems are up to date with all Payment Card Industry standards. Complying with security best practices better protects consumers from data breach risks. Credit card transactions carry the highest risk for fraud because cybercriminals have multiple ways of acquiring this information.

In March, retailers' POS systems were targeted by a Trojan program called PoSeidon that steals payment card information, Computerworld reported. The malware program allows cybercriminals to scan the RAM of infected POS terminals and access unencrypted card information through memory scraping. Although many other memory scraping programs require cybercriminals to log in to acquire the information, PoSeidon can automatically update itself and communicate with external servers. While this puts retailers and their customers at a higher risk, it may say more about the way POS solutions are implemented, according to IT Pro Portal.

Card transactions have always had vulnerabilities, but hackers are getting more sophisticated. EMV chip and PIN cards are expected to thwart individuals who create cloned cards, but there are still potential risks.

High costs of data breaches
The average breach costs a business $3.5 million, according to BizTech. This is a 15 percent increase from a year ago. Because the risks are increasing, there are a few steps retailers can take to close gaps in their systems. One of the biggest issues is that retailers are still running their POS software on Windows XP even though Microsoft ended technical support and security upgrades for the operating system in April 2014. This means that new malware programs may specifically target these systems. Although organizations face significant costs to upgrade, the cost of a breach may be even more substantial.

Additionally, integration with other systems within a company can increase POS risks. Many cyberattacks happen because of targeted campaigns. If an employee opens an attachment or clicks a link with a virus, hackers can enter the organization. Depending on the user's level of access, a cybercriminal can acquire customers' payment information. All employees need to be aware of the risks, and companies should improve their ability to detect data breaches earlier.

Fortunately, many parallel technologies such as routers are already secured, IT Pro Portal stated. However, some POS systems come with a default password that many retailers do not change. Organizations need to understand the risks of malware attacks to take the proper steps to secure their systems. Some vulnerabilities can be fixed with better security testing and employee training.
