Point-of-sale security is a major concern

Of all the industries and fields that IT supports, it’s hard to imagine one that could bring down a company faster than point-of-sale. After all, it’s where customers’ financial information enters into your control. 

But recent developments show there are some serious concerns about just how secure these systems are.

Kaspersky’s Threat Post blog recently spoke with researcher Lucas Zaichowsky, enterprise defense architect at AccessData, about the challenges faced by IT in supporting P.O.S. systems.

According to Zaichowsky, these terminals and the architecture behind them are so specific, they pose serious problems for security:

“Point of sale architecture and security is such a niche industry in terms of how to secure these systems and how card data flows. It’s like a big black box; those who know it well are few and far between. Even PCI auditors don’t understand it all that well.”

It isn’t just high-level attacks on Target and Neiman Marcus that result in stolen data. Every company of every size could be a target for credit card and payment system thieves.

Outdated firmware, third-party vulnerabilities and weak passwords all put these systems at risk, according to Threat Post.

Point-of-sale vulnerabilities

And it isn’t just customers who are at risk. A security researcher recently wanted to look into what makes point-of-sale systems tick, so he purchased a used terminal on eBay.

Contained inside the system were the names, addresses, social security numbers and passwords for every employee who had used the terminals at the previous owner’s restaurant.

Not a bad haul for an outdated, $200 system.

Secure everything

With news stories about connected thermostats, light bulbs being hacked and driverless cars showing up all the time, writers are tempted to say we’re entering an age of the Internet of Things. The truth: We’ve been there for a long time.

It’s not just computers and phones that connect to the Internet. Copiers, fax machines and other appliances have been on your network forever, and chances are some get forgotten in security audits.

To make sure you’re safe:

  • Take inventory. Make sure there’s a list of every device connected to your network – and check that each device is up to date with the latest firmware installed.
  • Know your security options. Vendors who installed specialty payment and other systems often disappear when it’s time to support them. Keep on top of security, and check that the systems are still supported. Especially with payment terminals, Windows XP is still taking up a good portion of the market.
  • Wipe everything. When you’re ditching old equipment, make sure to wipe its memory, whether you’re selling it, trashing it or returning it to the lessor. Don’t assume that the supplier will take care of that crucial security step for you.