News Feature | February 10, 2014

Retailers Face Big Challenge Securing POS Systems

Source: Retail Solutions Online

By Kara Murphy, contributing writer, Integrated Solutions For Retailers

Malware that infected Target was simple program and others are out there, experts warn

Retailers face a huge challenge in securing customer data from malware that collects credit card data and information directly from point of sale (POS) devices. Experts believe the recent high-profile security breaches at Target, Neiman Marcus, and Michaels are just the tip of an immense issue that will continue to plague retailers.

“Retailers have a few choices against these attackers. They can increase staffing levels and develop leading-edge capabilities to detect and stop attackers (comprehensive monitoring and incident response), or they can encrypt or tokenize data at the point of capture and ensure that it is not in plaintext view on their networks, thereby shifting the risk and burden of protection to the card issuers and their payment processors,” says Yotam Gottesman, a senior analyst for RSA First Watch.  

In a recent blog post, Gottesman explains while the POS malware used to attack Target has been identified as the ChewBacca Trojan, which operates by logging keystrokes and scrapes the memory of POS systems and card magnetic stripe data, there are other, similar malware systems still on the market that could infect large retailers.

"The ChewBacca Trojan appears to be a simple piece of malware which, despite its lack of sophistication and defense mechanisms, succeeded in stealing payment card information from several dozen retailers around the world in a little more than two months," Gottesman wrote.

The U.S. Government has weighed in on the security concerns, issuing a warning through the United States Computer Emergency Readiness Team (US-CERT), which is a part of the Department of Homeland Security. The warning includes POS best practices to follow in order to increase the security of POS systems and prevent unauthorized access. Best practices include: using strong passwords; updating POS software applications; installing a firewall; using an antivirus program; restricting access to POS system computers via the Internet; and disallowing remote access.

See the brochure: Secure POS transport

Want to publish your opinion?
Contact us to become part of our Editorial Community.