6 Ways To Prevent POS Malware Attacks

by CXOtoday News Desk    Feb 10, 2014

posmalware

In the wake of multiple data theft and breach incidents in recent times, retailers are increasingly hard pressed to find effective means of securing customer information. There are multiple ways to steal this information on-line, but Point of Sales (POS) is the most tempting target, believe experts. With an estimated 60% of purchases at retailers’ POS are paid by using a credit or debit cards and the huge amount of transactions happening daily though their POS, it is obvious that POS terminals are lucrative for cybercriminals seeking large volumes of credit card data.

In a recent article, “Six Ways to Prevent Point-of-Sale Malware Attacks,” Jeff Debrosse, Director, Security Research, Websense, Inc, outlines a number of security safeguards to thwart POS attacks. While the investigations are still on-going, security researchers have pointed out 6Steps for avoiding Point-of-Sale Security for retailers.

#1. Use data loss prevention (DLP) solutions, especially because they address data exfiltration. Specifically design your data security system to protect highly sensitive information, such as credit cards and social security numbers, etc. Focus on your most important assets first.

#2. Conduct baseline analysis of network communications that are internal, used for remote offices and external connections. This can help identify outliers in outbound and inbound communications.

#3. Ensure only authorized applications run within your POS ecosystems.

#4. Provide end-to-end encryption (E3) – hardware-encrypting data starting from the point-of-swipe. While this can be a costly measure, it will also be highly effective.

#5. Deploy smartcard (or chip-card) enabled POS terminals.

#6. Since attackers have to know the target’s OS platforms and related information, consider deploying solutions that help identify potential insider threats. According to the Identity Theft Resource Center, 2013 insider theft soared 80 percent over 2012 figures. The number of breaches attributed to employee error or negligence in 2013 jumped by 72.7% over 2012 figures. Breaches from Subcontractors or third Parties reflected a 67.9% increase over 2012.