Protecting Beyond the Point of Sale

The sad reality is that retail breaches are becoming too common. With over a billion credit cards in circulation in the US and over 7 billion worldwide, credit card data has become a prime target for cybercriminals. An alarming number of data and network security breaches happen each year in the payment card and retail industries, causing sensitive customer information to land in the wrong hands. Fraud in the retail sector has been growing quickly and cybercriminals have been targeting point of sale (PoS) terminals and hacking networks of retailers to steal millions of identity and credit card records.  The fact is, roughly one in three Americans will experience a PoS malware incident.


In responding to retail breaches, companies often focus solely on the most obvious weak spots, which is often not the smartest long-term solution. Protecting data at the point of sale is not only essential for your business: it’s only a small piece of a greater holistic solution. A multi-layered security solution is needed. Securing central information databases with next-generation firewalls against advanced persistent threats (APTs) and bots, and ensuring compliance modules and threat management and monitoring is in place is equally important.


Many in the industry believe that having a more secure credit card will mitigate risk with transactions. The plastic cards we all know and use today are extremely vulnerable to cybercriminals. US credit cards are prime targets, as account data is stored on simple magnetic strips that are easy to decipher and all stolen US card numbers can be used globally.  A new global standard for credit cards hopes to solve this problem. The US has recently started a chip and signature system which is one small step in the right direction to securing credit cards. Europe is paving the way with more secure credit cards with their chip and PIN system. However, while the chip and PIN system prevents cybercriminals from using stolen cards in Europe, the magnetic strip can still be used in the US. Europay, MasterCard and Visa (EMV) have made the promise to provide better security by adding integrated circuit (IC) chips in credit cards. Unfortunately chip and PIN systems do not prevent cybercriminals from using stolen credit card numbers online. With that said, the act of upgrading credit cards with these new technologies is not enough to eliminate all retail breaches.


In conjunction with credit cards themselves needing to become more secure, PoS terminals also need to be more secure. PoS terminals typically run a fairly simple operating system without many heavy security protections and are not frequently updated with modern anti-virus software. Routinely PoS terminals are connected to one another and to a corporate network creating a scenario that is a perfect target for a cybercriminal. Once a cybercriminal is able to infect one PoS terminal, it’s simple to infect all of them.


Some retailers have already started to upgrade their PoS terminals to be more secure and comply with new card technologies. Mobile payment systems and electronic transactions are rapidly growing in popularity – eliminating the need for a physical credit card. Advancing the method of payment is just one way of keeping the technology one step ahead of cybercriminals. However, these systems aren’t perfectly secure and soon enough, cybercriminals will find their way into these payment systems.


Securing a business is about protecting both the PoS terminals and the network as a whole. To protect against fast-evolving attacks, companies must adopt a security mindset with dynamic architectures that update with real-time protections. Creating layers of protection with checks and balances, like software-defined protection (SDP), is a pragmatic security architecture and methodology that helps address today’s and tomorrow’s security challenges.


Retail breaches are not going to go away if security is not taken seriously. Cybercriminals have identified the weaknesses in PoS terminals and have taken advantage of stolen credit card data. Now, it’s time to boost security measures to protect customers and the retail sector.


Read more on the Plastic Breach.