Thursday, 05 May 2011

application target crime

Smaller retailers are facing serious challenges from criminals who are targeting Point-Of-Sale (POS) devices, though it is not just the small retailer who is in the firing line. Enforcing the security of credit and debit card transactions is becoming increasingly difficult; however, the volume of cyber attacks on POS devices underlines how profitable they are for criminals and the low-hanging fruit they represent, owing to the lax safety and security standards applied by retailers generally.

POS devices are also well known for their security vulnerabilities, which simply adds to their attraction for criminals. Neither manufacturers nor retailers have been as diligent as they ought to be in coming to grips with the entire problem confronting a very profitable sector of the economy.

Trustwave is a recognized industry leader in conducting security investigations and compiling market reports. In 2010, it conducted 220 investigations of security breaches that took place that year. Of these, over three-quarters were found to be attributable to the POS system being exploited. It should be noted that this survey included investigations of breaches at some of the major names in the credit card industry, including American Express, MasterCard and Visa. In other words, no one is safe from being targeted.

POS systems are the preferred target for cyber criminals because they provide ready access to customer financial information. A single credit card account number, together with its verification code and customer information, is readily sold on the black market for $20 and, in many cases, for substantially more. The card information is then used for identity theft or purchase fraud.

POS devices read the information contained in the magnetic stripe on the back of the card and then transmit the data from the retailer's location to the credit card provider. Whilst there are security protocols available for application developers to use (such as the Payment Application Data Security Standard, or PA-DSS), they are rarely implemented in practice.

There is also a further problem: smaller businesses and retailers use many third-party integrators, which themselves usually follow extremely poor security practices. Almost 90% of the breaches investigated by Trustwave resulted in findings of security failures such as retaining default factory settings for remote access systems or for the operating system. This represents a critical security vulnerability which leaves the POS device open to intrusion and attack.

There is also a new development in exploiting POS devices. Malware has been detected which actively targets POS appliances, and this is a trend which is set to continue and grow. Empirical reports of POS attacks utilizing malware are on the increase despite compliance with the relatively new Payment Card Industry Data Security Standard, or PCI-DSS. PCI-DSS requires encryption of data transmission and prohibits the storage of card information on the local POS device. Nevertheless, in 2010, malware was discovered which was capable of breaking the encryption used in transmitting card data.

Lawrence Reaves is a strong believer in Washington DC IT consultants that offer services such as Washington DC network security and cloud computing. For these services Lawrence recommends PLANIT Technology Group, a Juniper Technology Partner. PLANIT Technology Group can be found online at: PLANITTech.com.

Article Source:

http://EzineArticles.com/?expert=Lawrence_Reaves
