There is no doubt that the point of sale system has revolutionized the retail industry. Not only has it helped to greatly increase the efficiency of employees, but it has also allowed merchants to view and analyze virtually all aspects of their business. Today, the point of sale system is a part of just about every retail business that people interact with on a regular basis.
But the point of sale solution, just like anything else, does have a dark side. Malware, designed to infect POS devices and systems and ultimately steal customer data, is infecting systems all over the world. In December 2013, these types of POS infections were on the rise, according to PC World. Authorities identified two types of malware as being at the center of the destruction: Dexter and Project Hook.
How POS Malware Works
The POS System terminals are first infected with the malware via vulnerabilities in the host or the network, such as an open wireless network that includes a point of sale terminal. Then, the Track 1 and Track 2 information, present on the magnetic stripes of debit and credit cards is identified and stolen. PC World says that once obtained, the information is then used by hackers who clone payment cards for sale to others or for their own use.
The second version of Dexter, known as Dexter2 and StarDust, also extracted track data, but was capable of extracting this information from network traffic that occurred internally. In fact, StarDust was a botnet, or a series of computers located in multiple areas, but linked together for the purpose of processing stolen data. But in StarDust’s case, both of the command servers were located in two Russian locations: St. Petersburg and Moscow. This particular version was said to have possibly compromised as many as 20,000 credit cards.
The malware also goes by the name ‘RAM scraper,’ as it goes after the data stored in the RAM of the system. Sophos.com goes into more detail about how this is done. There is a set of security standards used in the payment card industry. This standards set is called PCI-DSS, or the PCI Data Security Standard, which demands and ensures that any sensitive payment data is encrypted during its transmission, receipt and storage.
However, Naked Security says that once this payment data has been received, it must then be processed by the RAM of a POS System. And in order to be processed, the data is decrypted. It is at this point in the process that RAM scrapers strike, harvesting data with regular expression searches, and then sending the stolen information to a rogue callhome server.
Every Business Is Vulnerable
Some of the terms being used to describe these threats have made it seem as though malware attacks on point of sale systems happen only on the systems of major businesses. This has caused many business owners to think they have nothing to fear as far as POS malware is concerned. But this is far from the case. The increased sophistication of these malware programs has mean that hackers are able to expand their reach, creating malicious file names that are hidden in plain sight.
Currently the RAM scrapers that plague the POS world target several industries, including education, healthcare and hotel and tourism. And it comes as no surprise that these industries experience high volumes of transactions involving debit and credit cards.
And hackers are hitting a larger number of small businesses than ever these days, while avoiding large corporations. This may mean several things. A hacker who is just starting out may find there’s less of a chance of getting caught if they choose to infect the POS System of a small business.
Best Practices Are the Best Defense
The United States Computer Emergency Readiness Team, or CERT, suggests that best practices are the best way for business owners to defend their systems from POS network attacks. The usage of strong passwords when installing the software is at the top of the list, along with regular updating of POS software applications. And just like with any computerized system, ensuring a firewall is installed to protect the system from an outside attack is crucial, as is installing anti-virus software.
The accidental exposure of a point of sale solution to the internet can be prevented by restricting that access. And finally, remote access should be disallowed in order to close any unsecured channels. Ensuring that you are always up to date on the required measures can be difficult; that is where point of sale systems from companies such as Shopify can come in handy during times as such, as the software is independently maintained without you having to personally ensure each time an update or additional security layer is required; thereby, ensuring that you are always a step ahead in the game.
However, despite all of the best practices applications, one thing is for certain: the more evolved that technology becomes, the more sophisticated hackers will also need to become in order to overcome new challenges. As long as there is room for credit and debit cards in the retail industry, there will be a temptation to steal that card information from the consumer. And so those in charge of defending their networks will need to ensure they are well prepared to protect them.
Leave a Reply