In our article, Why your EPoS is your worst enemy, we discussed the three most commonly used attack techniques used to steal data from PoS stations and the impact on business, brand name and customer service.
Thankfully the majority of the attack techniques used rely on security flaws that can be easily fixed.
In this guide, you'll learn how to quickly learn how to use several low cost techniques that will help defend your business from the most common threats on PoS terminals.
At time of writing, malware accounts for 24 per cent of all PoS data breaches. Fortunately, the way in which you protect your PoS system against malware is similar to how you protect your home PC/Laptop:-
Once you've installed your chosen anti-virus and anti-spyware software you're half-way to fully protecting your PoS system.
The majority of "hacks" on PoS systems are simple to pull off and rely on the user's ignorance rather than the hacker's skill and knowledge.
Here are some ways to remove the weaknesses hackers exploit:
Hackers can also access your systems through remote desktop applications that exploit vulnerabilities in the code to gain remote control over your PoS system, computer and network.
To minimise the risk of hacker's gaining access through remote desktop applications ensure that your applications are patched and have the latest update installed. Hackers also exploit the default settings of remote desktop applications so be sure to change the default settings for that as well.
Hacking and physical attacks are tied for the most used techniques to steal data however physical attacks require more skill and ability as a data thief will need to steal a PIN pad or quickly attached a skimmer or key logger to the device.
Once the thief has successfully struck the attack is harder to detect as it requires more than basic IT security knowledge to combat.
To reduce the chance and damage of a physical attack, follow these steps:
Another tactic used by data thieves is to social engineering techniques for example they could pose as PoS engineers and 'repair' your terminal. While repairing your terminal the hacker could use that opportunity to tamper with very components of your PoS system so do ensure that your staff challenge any repair engineer.
It may appear that we've provided you with a long todo list to minimise attacks to your network via a compromised EPoS system. However once implemented, the on-going maintenance will be relatively minimal. To recap the essential components:
By following these steps you will greatly reduce the risk of data theft and will ensure the safety of your customer's personal data.If this is of concern to your business and brand name, do read the three extra articles that focus on each of the attacks mentioned in this defence overview and other easy ways to mitigate the attacks.
Ultimately the business should have someone (employee or outside contractor) to ensure the security stance of the business.