Point of Sale (POS) devices are used across the country by almost every retailer. They collect the data stored on the magnetic strip on the back of a debit or credit card and transmit it, along with the transaction data, to the card provider for approval of the transaction. The data transmitted is “complete” in that it contains everything required to process further transactions, or it can be copied to a cloned card for further use or for extracting cash at an ATM.
In 2010, the majority of security breaches involving retailers were found to be due to criminals exploiting vulnerabilities in the POS device. POS devices are favored for two main reasons: they have well-known vulnerabilities, and they represent the jackpot in terms of holding and handling customer financial data. They are a prime target as a consequence.
There have been moves to improve POS security, such as requiring that data transmitted to card providers be encrypted, or ensuring that customer and financial information is not stored locally on the POS device.
Unfortunately, many POS breaches occur because POS settings for remote access are left on factory defaults, or because third-party integrators, who are used by many small businesses, do not understand or apply modern security protocols.
There is also a disturbing development: malware is increasingly being reported as part of the breach itself. Most disturbing is that malware has been discovered which was able to break the data encryption used to send cardholder information to the card provider.
Retailers are especially vulnerable, particularly small retailers who are unable to command the resources or expertise required to ensure a high standard of security. Unless retailers are prepared to focus on this exceptionally risky vulnerability in their IT systems, the risk posed by cyber attack will not go away but will continue to increase, leading to issues with their merchant account and their reputation among their customers.
