New strains of malware are discovered every day. Mobile malware is becoming especially dangerous, as according to the Lookout Mobile Threat Report, this form of infection grew 75 percent between 2013 and 2014 with the rise in online and mobile payments. However, even with the growth in mobile malware, it’s still crucial for companies to make sure their on-premises computing systems are protected against fraud.
POS malware
One of the most dangerous forms of malware is the kind that can infiltrate payment systems and access or potentially steal credit card data from retailers and other companies. The Trump Hotel Collection found this out the hard way recently when its systems were infected by this type of strain. According to the official statement released by the company, the breach occurred between May 19, 2014 and June 2, 2015 – remaining undetected for a whole year. The malware impacted those customers who used credit or debit cards for purchases across the company.
Ars Technica’s Sean Gallagher reported that the type of malware that affected the Trump Hotel Collection could capture credit card swipe data at a point-of-sale system. The credit card scanners at gift shops, restaurants and front desk terminals were accessed, and some customers’ data was potentially stolen.
“For customers that used credit or debit cards to make purchases between May 19, 2014, and June 2, 2015, we believe that the malware may have affected payment card data including payment card account number, card expiration date and security code,” the official statement reported.
The company stated that during an investigation of the systems, it did not find that any data had been taken. However, it is offering a one-year complementary protection service to affected customers through Experian, which experienced its own data breach in September 2015 that potentially exposed credit card information of 15 million T-Mobile customers, according to eSecurity Planet.
Gallagher noted that Trump Hotels is just the latest in the list of hotel chains to have been hit by fraud this year, naming Mandarin Oriental Hotels and the White Lodging hotel management company as other victims.
Retailer woes continue
The payment system at Trump Hotels wasn’t the only one to have been infected by malware recently. Fred’s, a retail discount store chain that operates over 650 stores in the southeastern U.S., discovered that two of its servers had been infected by malware that collected payment card details, according to Computerworld contributor Jeremy Kirk. The malware was active from March 23, 2015 to April 8 on one of the servers and from March 23 to April 24 on the second.
While customers’ credit card data seemed not to have been removed from the system, this event also serves to highlight the importance of protecting payment systems and company servers from malware. Fred’s announced that it would be implementing stronger security measures against similar future events, but the fact remains that the breach had to take place to spur the reassessment of the business’s cybersecurity strategies.
What is the answer?
Situations like the ones faced by Trump Hotels Collection and Fred’s should be at the forefront of IT managers’ minds when considering what investments to make for the good of the computing systems of any company, large or small. The implementation of effective anti-malware programs is something that all businesses should consider carefully – before the breach occurs.
Investing in an anti-virus solution like Anti-Virus from Faronics could be your best course of action when it comes to protecting your customers’ confidential payment data. Anti-Virus offers layered security in the form of anti-spyware, anti-malware and other important programs that can help keep your POS computers clean.
Contact Faronics today to see how our solutions can strengthen cybersecurity of your POS systems.