Point-of-sale retail security requires a new look

Magnetic stripe cards and Windows-based POS systems have a number of critical vulnerabilities.

The recent data breach at U.S. retailer Target revealed deep flaws in point-of-sale security, which continues to be a neglected area despite the abundance of applicable regulations and the growing number of targeted attacks. For retailers, the incident provides an opportunity to step back and consider how they can make IT systems more secure.

From the warehouse to the store floor, retailers can bolster security efforts with restore-on-reboot software. Administrators can install it on nearly any endpoint and leverage it for both business and security purposes. If demo computers or POS systems get infected by malware, or if their settings are accidentally misconfigured, a quick reboot restores them to their original configuration without interrupting retail operations.

Assessing POS security shortcomings in aftermath of Target breach
The underlying issue in the Target incident was the magnetic stripe cards that customers used to pay and the POS systems that read the data from them. POS terminals have software that reads magnetic stripe data on two tracks – Track 1 contains the cardholder’s name and account number, while Track 2 holds the card’s number and expiration date.

Even now, most POS systems are based on Microsoft Windows rather than industry-specific proprietary solutions. This opens up a range of vulnerabilities because Windows remains a top target for cybercriminals seeking to inconvenience its considerable install base.

More specifically, patch deployments – a critical part of the Windows security process – are often slow for POS systems. Vendors have to undergo approval processes each time they issue widespread updates in order to comply with government and industry regulations. Accordingly, some vulnerabilities slip through the cracks.

Moreover, the ongoing reliance on magnetic stripe puts users at risk, especially since more secure alternatives are available. Europay, MasterCard and Visa (EMV) technology, which uses secure microchips, has caught on outside North America, but adoption likely won’t take off in the U.S. until 2015.

Protecting POS systems and retail operations from malware and botnets
The brittleness of POS systems has made them opportune targets for malware and botnets. Threats such as the Dexter malware can steal Track 1 and Track 2 data and relay it to command-and-control servers. Botnets help attackers by giving them more resources and greater anonymity when conducting campaigns.

Staying safe from malware and system outages is a matter of having the right software solutions and policies. With retail operations now in cybercriminals’ sights, merchants can protect themselves with reboot-to-restore software, which clears out malware, bad configurations and damage caused by crashes or slowdowns.

Accordingly, retailers can spend less time and money on support operations to rectify the situation, freeing them up to focus on business operations instead. The stakes for protecting assets are high, as the Target breach may have compromised far more users than previously estimated. More than one-third of the U.S. population could be affected by the attack, which resulted in theft of email and mailing addresses, phone numbers and names. The retailer initially stated that only 40 million individuals may have been affected.

Scott Cornell
