Starting in 2013, attacks on the point-of-sale systems of major retailers like Staples, Target and Neiman-Marcus made us painfully aware of the threat that POS malware poses. Retailers like these held caches of immensely valuable data, including credit card numbers and personally identifiable information (PII). And hackers got a hold of it.
This guide explores the nature of the threat, primarily by reviewing the story of the point-of-sale malware breaches of the past year, and examines the damage done, but also proposed strategies that retailers and security pros can take to prevent the next POS malware disaster.
Warning: Point-of-sale systems are targets
Since mid-2014, the U.S. federal government has been warning against, and monitoring, a type of malware that targets point-of-sale systems. One of the major threats is Backoff; another is called BlackPOS, also known as Kaptoxa. (Pronounced kar-tosh-a, the Russian word for potato, reports indicate it contains some Russian code). POS malware breached systems of major retailers and stole hundreds of thousands of credit card numbers and other personal data. This segment of our guide reviews the breach stories, from the initial warning of the threat to the revelation of the damage done. Backoff, and all POS malware, pose an immense threat to the security of financial and other sensitive data; these articles focused on the U.S. government's warnings and other informational releases make clear the extent of the threat.
Though the Target and Neiman Marcus data breaches alarm consumers, experts say there are so many POS weaknesses that, from a security perspective, it's surprising there aren't more break-ins. Why is POS is so vulnerable? There are several factors, but there are also ways to improve security. Continue Reading
Windows XP end-of-life may make PCI compliance difficult for merchants who don't solve the security weaknesses of XP-based POS systems. Continue Reading
An October 2014 data breach at the office-supply retailer ultimately compromised the numbers and other transaction data of 1.16 million credit cards and POS malware seems to have infected systems of the majority of Staples stores. Continue Reading
The nature of the POS malware beast today
As 2014 ended and 2015 began, experts began assessing the nature of the threat POS malware poses now, and noticed some interesting characteristics and recent changes. For instance, while the number of attacks may be dropping, they are just as deadly to retailers. The time lag between attack and detection (not to mention alerting the consumer) is a source of danger, too.
While the number of attacks overall may be decreasing, Backoff malware is proving popular with hackers. Continue Reading
While Backoff malware has been getting the most press, there are other variants of POS malware that retailers need to watch for. Continue Reading
Defending a POS system
POS systems are everywhere, and hackers are too -- and they are determined to get to the valuable data those systems contain. Is there no hope? It's a tough security issue but there are things professionals in the security field, and retail system managers, can do to make it tougher for the bad guys and, with luck, keep them out altogether. This section walks through how to create the most secure point-of-sale system and network possible.
By whitelisting technology, point-of-sale connections can be made safe(r) from the threat of POS malware. Continue Reading
POS terms to know
To grasp the threat and the solution to malware targeting point-of-sale systems, it helps to know the terminology. Check out this system for the key POS terms in use now.