02 Mar Protect your PoS environment from attacks
A point-of-sale (PoS) device is one of the most important features in any retail location; it’s where all purchases are finalized. With headlines announcing major retail, entertainment and healthcare industry breaches, you might have asked yourself, “How can my environment become breached?” or “How do I protect my business from cyber-attack?”
Determined criminals can target a business’s point-of-sale (PoS) terminals and compromise the credit cards of thousands of users at a time. There are several routes attackers can take to gain access. One option is to go after a database where card data is stored, but targeting the PoS system – where a retailer first acquires card data – is also an option.
If your business supports credit card transactions, chances are you have a technology infrastructure of some sort made up of more than just PoS devices. Whether you have a small or large business, you likely have computers, a network server or other technology, besides one or more PoS terminals. There are a multitude of functions that can be performed by the PoS software, such as inventory management, tracking revenue and staff hours, and running reports. Your PoS devices most likely connect to the Internet as well, in order to contact external credit card processors.
Most businesses think of a PoS system as a device and not a full-fledged computer. Since PoS systems tend to be replaced every 10 years or more as opposed to every three to five years like other computers, they tend to run older operating systems. This makes it relatively easy for a criminal to exploit any number of vulnerabilities if they can get malware onto one or more PoS devices. If all your PoS terminals are on a one-size-fits-all network, it’s much easier for crooks to find weak spots and traverse all the PoS systems.
Safeguarding Your PoS Environment
- Make sure your PoS terminals are up-to-date and patched.
- Whether you outsource your PoS or run it in-house, insist that remote access be managed securely. Third-party companies used for technical support frequently use remote access tools, sometimes with easy-to-guess credentials.
- Use two-factor authentication when accessing the payment processing networks, even if Virtual Private Networking (VPN) is used. This will help to mitigate keylogger and credential-dumping attacks.
- To secure payment card data, set up SSL certificates so that data is encrypted in transit.
- Actively monitor your systems for signs of malicious activity, such as outbound file transfers via FTP that deviate from normal operations.
- Make sure your PoS network is separated from your other networks and databases to prevent malware from spreading should one of them become infected.
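One way to put the monitoring and network-separation tips above into practice, as an added example that is not part of the original article: the script flags traffic from PoS terminals that leaves the PoS segment for anything other than the card processor, and calls out FTP specifically. The PoS subnet, the processor address and the flow-record format are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress

# Constructed values for illustration; replace with your own environment.
POS_SUBNET = ipaddress.ip_network("10.20.0.0/24")   # assumed PoS network segment
ALLOWED = {("203.0.113.10", 443)}                   # assumed card processor endpoint
FTP_PORTS = {20, 21}

# Constructed flow records: time, source, destination, destination port, bytes sent
SAMPLE_FLOWS = """\
2024-03-02T09:00:01,10.20.0.11,203.0.113.10,443,1840
2024-03-02T09:00:07,10.20.0.12,203.0.113.10,443,1795
2024-03-02T02:14:33,10.20.0.11,198.51.100.77,21,524288
2024-03-02T09:03:10,10.10.0.5,198.51.100.20,21,900
2024-03-02T09:05:45,10.20.0.12,10.20.0.1,53,120
2024-03-02T09:06:02,10.20.0.13,192.0.2.44,8080,64000
"""

def find_suspicious_flows(flow_text):
    """Return (time, src, dst, port, reason) for PoS flows outside the baseline."""
    alerts = []
    for row in csv.reader(io.StringIO(flow_text)):
        if len(row) != 5:
            continue                      # skip blank or malformed records
        ts, src, dst, port, _sent = row
        port = int(port)
        if ipaddress.ip_address(src) not in POS_SUBNET:
            continue                      # only PoS terminals are in scope
        if ipaddress.ip_address(dst) in POS_SUBNET:
            continue                      # traffic that stays inside the PoS segment
        if (dst, port) in ALLOWED:
            continue                      # expected payment processor traffic
        reason = "outbound FTP" if port in FTP_PORTS else "destination not in allowlist"
        alerts.append((ts, src, dst, port, reason))
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_flows(SAMPLE_FLOWS):
        print(alert)
```

On a properly separated PoS network the allowlist stays very short, so every alert is worth a look.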
Securing your payment card data and PoS environment requires multiple layers of protection. These helpful tips are provided by www.infosightinc.com, a cyber security company that helps ensure the privacy and security of your corporate, personal and financial information.