Fri. May 29th, 2020

POS Malware Data Breaches and Why They Keep Happening

5 min read

You might have heard about data breaches affecting many people for a while now and the things that may come in your mind are all about backend systems, computers and maybe mobile devices being targeted. However, many of these reported data breaches happened on a business’ point of sale system.

Point of Sale (POS) System is a combination of a POS software and POS terminal and is usually used to complete a sales transaction. A POS terminal is the electronic machine that you see when you are paying for your goods or any service you have just availed. It runs your sales transaction and processes your payment. POS software, on the other hand, is the application that lets you connect to the internet and completes the POS system.

Types of POS Systems

Depending on your business and your need, there are several types of POS Systems that you can utilize. Some of which are:

  • Retail POS Systems

This type is primarily used in retails environments and has features like employee commissions, inventory tracking, customer database, gift registry, layaway, color and size matrix, and purchase orders.

  • Restaurant POS

The initial use of POS in many restaurants is to process transactions and accept payment whether by cash or by credit card. However, a POS for a restaurant has other features like transaction reports that can be broken down to date, time and type, order system that can streamline operations (allows you to send an order directly to the kitchen), loyalty program, menu performance, server sales performance and many more.

  • Mobile and Tablet POS

This primarily uses smartphones or tablets to process payments, manage clients’ information and track inventory. It usually involves an app, which is usually free in exchange for payment processing, that you can download and install in your phone or any other handheld device.

  • Self-Service Kiosk POS

You may have this particular kind of POS when you are at the self-service gas station, parking space, some fast-food chains, and even large retail stores that offer self-checkout.

  • Salon and other services POS

Businesses primarily offering services have a special set of POS that may include appointment calendar, customer database that has their history, retail functionality and employee management among others.

Attack on POS systems

Cybercriminals attacking POS systems is not a brand-new thing in cybersecurity. It has been going on for a while now. The world has seen several attacks on big companies over the past few years.

In 2013, an attack was made in the POS system of Target which infected its payment card readers and comprised around 40 million credit cards’ information of its customers. Following close a year after, Home Depot experienced a POS attack from hackers as well that stole around 56 million customer’s credit card details.

A few years after, another big name was put in the spotlight for a POS-related breach. Malware infected the company’s POS system and while the total number of victims was not announced, it was assumed that the attack was huge as it affected Chipotle’s 2,2550 restaurants.

How is the Attack Executed on POS Systems?

If you are just starting a business or own a small or a medium-sized business, you might think that cybercriminals will not take an interest in your company, unlike those big names that we have mentioned. However, this proved to be wrong. According to a study, these kinds of data breaches happen frequently in small and medium-sized businesses as they are easier to infiltrate than those large retailers. These types of businesses are laxer in terms of securities and policies.

POS systems on these businesses are often run on Window-based computers and are usually susceptible to cyber threats. Since most of these computers are often not solely dedicated to POS systems alone,  it can be used as well to check emails and browse the internet and sometimes even social media.

Phishing and social engineering are the usual way malware can penetrate your computer. Once the attacker has singled you out to do his dubious ways, a tailor-fitted email attachment or a malicious link embedded with malware can be sent your way. One you or your employees have clicked this link or downloaded the email attachment, the virus can infiltrate your system. Out-of-date and unpatched security vulnerabilities in your system’s software usually make these attacks successful.

Once the malware has infected your system, it can infect other machines on your network until it reaches your POS.  When a credit card is used to complete a transaction, its data are stored on the machine, usually unencrypted for payment processing. The malware then goes for these data, collects it and sends all stolen information to a remote server.

How to Protect your POS from Malware Data Breaches

  • Update your POS

Make sure that your POS system is always up to date. This is an essential step to keep your system safe as hackers find it easy to recognize vulnerabilities and gain access to your backend system with outdated software.

  • Run test regularly

Running test regularly will not only let you check the strength of your POS system but also lets you find and fix any weak spot that can cause an attack. It also lets you verify if all of the aspects of your system is totally secured.

  • Have an antivirus software

Installing an antivirus software in your system is probably the most essential thing you can to protect your POS from being attack. It may be the simplest way but it does wonders as it continuously scans for viruses or malicious files in your system. Make sure to find the best antivirus product that best works for you and is suitable for your needs.

  • Secure your network with complex passwords and enable 2F verification

All the cybercriminals need to steal information from you is an internet connection. Make sure to secure your network with a strong and complex password and change it every 6 months. It should also contain uppercase letters, symbols and numbers. Don’t forget also to add a second layer of security that will reconfirm your identity every time you log in.

  • Educate your employees about cyber safety

Some of the biggest cyber threats that happened in history are because of human error.  Your employees, no matter how big or small your organization is, should be trained to spot unusual activities, check for anything suspicious and apply the best cyber safety practices. Your employees can act as your most effective defense against any cyber-attack.

Final Thoughts

The point of sale system is the heart of your business and takes the most essential task to make your company running. It helps you with your inventory management, staff and customer management, price adjustments and even laborious tasks like sales reports, creation of purchase orders, menu customization and a lot more things.

As this becomes the epicenter of your company, it is essential to barricade it from any threats and make sure it is always well protected. Cyber-attacks and the damages it always causes will always be prevented if you and your employees will do its part.

Author’s Bio

John Ocampos is an Opera Singer by profession and a member of the Philippine Tenors. Ever since, Digital Marketing has always been his forte. He is the Founder of SEO-Guru and the Managing Director of Tech Hacker. John is also the Strategic SEO and Influencer Marketing Manager of Softvire Australia – the leading software eCommerce company in Australia and Softvire New Zealand.