Why POS Attacks Happen

Lisa Goth Cyber

A POS, or Point-of-Sale system, is the device in stores where customers pay for goods. A POS has evolved from the simple cash register to a multifaceted terminal that can now record customer orders, process payment cards, connect to other systems in a network, and manage inventory. It is essentially a computer system with software and hardware, and is therefore susceptible to malware.

Attacks on point-of-sale terminals are becoming increasingly common. Attackers consider POS devices the weakest link of a system, and those industries that rely most heavily on POS systems are the most susceptible targets. The top three industries under attack by malware in terms of data breaches are food services, public administration, and retail.

Many attackers look for systems that are vulnerable and launch automated attacks. Most of the high-profile data breaches of customer payment information involved POS security compromises – the attacker concentrates on the connection between the POS workstation and the store server.

The phases of a POS breach are infiltration, propagation, exfiltration, and aggregation.

  1. An attacker gains access to the system by exploiting a system vulnerability or through social engineering techniques;
  2. Once in the system, an attacker installs malware which spreads until it can access the system’s memory and collect the desired data;
  3. The data is then moved to another location within the target’s environment for accumulation;
  4. Finally, the information is offloaded to an external location accessible by the attacker. 

Because POS system data has great value for cybercriminals, and new malware is constantly being created and updated, businesses must employ defensive measures against potential hacking or credit card data theft. A business must continually perform risk analysis to achieve the highest level of security, analyzing regularly to ensure that vulnerabilities are detected and swiftly mitigated. Protection is required across the entire network. Ensure that only authorized personnel have access to perform critical functions, because access to your server opens the door for cybercriminals. Employ an antivirus, and take extra precautions by deploying more stringent security controls, such as whitelisting and file integrity monitoring.
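The following is an added example, not part of the original article: it applies network whitelisting to the breach phases listed above by checking flow records against the short list of destinations a POS terminal should ever reach. The subnets, addresses, record format and sample flows are all constructed assumptions.

```python
import ipaddress

# Assumed store layout (constructed): POS terminals live in one subnet and may
# only talk to the store server and the payment processor's gateway.
POS_NET = ipaddress.ip_network("10.20.30.0/24")
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
ALLOWED_FROM_POS = {("10.20.1.5", 443), ("203.0.113.10", 443)}
# Internal hosts allowed to send data outside the store network.
ALLOWED_EGRESS_HOSTS = {"10.20.1.5"}

# Constructed flow records: "src dst dst_port bytes_out"
SAMPLE_FLOWS = """\
10.20.30.11 10.20.1.5 443 5120
10.20.30.11 203.0.113.10 443 2048
10.20.30.12 10.20.40.77 445 880000
10.20.40.77 198.51.100.23 21 4500000
10.20.30.13 198.51.100.23 80 120000
"""

def classify(src, dst, port):
    """Return None for expected traffic, else the breach phase it may indicate."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s in POS_NET:
        if (dst, port) in ALLOWED_FROM_POS:
            return None
        # A POS terminal sending to an unlisted internal host looks like staging;
        # to an unlisted external host it looks like direct offloading.
        return "aggregation" if d in INTERNAL_NET else "exfiltration"
    if s in INTERNAL_NET and d not in INTERNAL_NET and src not in ALLOWED_EGRESS_HOSTS:
        return "exfiltration"
    return None

def find_alerts(flow_text):
    alerts = []
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip records with the wrong field count
        src, dst, port, nbytes = parts[0], parts[1], int(parts[2]), int(parts[3])
        phase = classify(src, dst, port)
        if phase:
            alerts.append((phase, src, dst, port, nbytes))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_FLOWS):
        print("ALERT possible %s: %s -> %s:%d (%d bytes)" % alert)
```

Because the check is an allowlist, any destination not explicitly expected from a POS terminal raises an alert, including ones no blocklist has seen before.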

To further protect yourself and your business, the professionals at Charles Leach can find the right insurance to help alleviate the damage your business will suffer from a cyberattack or data breach.