POS Intrusions

19th June 2020 | Cybrary POS Intrusions


[Figure: Target breach anatomy]

A POS intrusion is an attack on a point-of-sale (POS) device. POS devices in retail stores process credit card transactions at checkout. Newer devices allow you to tap or insert your credit card to pay for your merchandise. Older POS terminals still require you to swipe your magnetic stripe to complete the sale. Most POS devices run a variant of Windows or Unix. Malware can run on either of these operating systems, allowing hackers to steal your credit card information.

Modern POS devices (tap and insert) encrypt the data received from the chip on your credit card before it leaves the POS device. The encrypted data goes to a merchant underwriting vendor, who validates that the card is good and sends back a yes (approved) or no (declined) message to the retail store's point-of-sale software, which records the transaction and prints a receipt.

Older POS devices read from the magnetic strip on the back of the card, do not encrypt the information collected, and send it for approval or denial.  These POS devices are much easier to steal from than the more modern Tap and Insert devices.

Apple Pay and Google Pay go one step further by providing a dummy credit card number to the POS device, which is sent to a merchant underwriter for clearing. That underwriter has the original credit card number on file for processing, along with tables that match the fake or dummy card number to the individual making the purchase. This convoluted approach to credit card transactions is the most secure method in use today: the card owner's actual card number never appears in a transaction local to the retail store, so hackers who compromise the store cannot steal it.
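The dummy-number flow described above, as an added example (not code from the original page, Apple, or Google). The `Underwriter` class, the function names, and the card numbers are all hypothetical and constructed for illustration; the point is that the store-side log only ever contains the dummy number.

```python
import secrets

def luhn_check_digit(partial: str) -> str:
    """Check digit for a card number that is missing its last digit."""
    total = 0
    for i, ch in enumerate(reversed(partial)):
        d = int(ch)
        if i % 2 == 0:              # doubled positions once the check digit is appended
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return str((10 - total % 10) % 10)

def luhn_valid(number: str) -> bool:
    return number.isdigit() and luhn_check_digit(number[:-1]) == number[-1]

class Underwriter:
    """Hypothetical underwriter: the only party holding the dummy-to-real table."""
    def __init__(self):
        self._table = {}            # dummy number -> real card number

    def enroll(self, real_pan: str) -> str:
        if not luhn_valid(real_pan):
            raise ValueError("not a valid card number")
        while True:                 # retry on the (unlikely) collision
            body = "".join(secrets.choice("0123456789") for _ in range(15))
            dummy = body + luhn_check_digit(body)
            if dummy != real_pan and dummy not in self._table:
                self._table[dummy] = real_pan
                return dummy

    def authorize(self, presented: str) -> str:
        # Only numbers with a table entry resolve to a real card.
        return "approved" if presented in self._table else "declined"

def pos_checkout(underwriter, presented, amount_cents, store_log):
    """Store side: forwards the presented number and records the result."""
    result = underwriter.authorize(presented)
    store_log.append({"card": presented, "amount_cents": amount_cents, "result": result})
    return result

def demo():
    real_pan = "4111111111111111"   # constructed test number, not a real card
    uw, log = Underwriter(), []
    dummy = uw.enroll(real_pan)     # the wallet receives only the dummy number
    r1 = pos_checkout(uw, dummy, 1999, log)
    r2 = pos_checkout(uw, "4012888888881881", 1999, log)  # constructed, never enrolled
    leaked = any(real_pan in str(entry) for entry in log)
    return dummy, r1, r2, leaked
```
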

Source: TrendMicro

Additional Reading: A First Look at the Target Intrusion, Malware

Why Google Pay and Apple Pay are More Secure than traditional Credit Cards

Related Terms: Malware, Encryption

How can you defend against POS Intrusion Attacks?

POS intrusions are a large concern for retailers, who can lose a significant amount of business during and after a breach. Retailers should upgrade their POS systems to contactless (RFID-capable) devices, which encrypt the credit card information before it leaves the POS device on its way to a merchant underwriter for approval. As of Oct. 2018, liability shifted from the merchant underwriters to any retailer who had not upgraded their POS devices to tap, chip, and PIN capable ones.

Consumers should check their credit card statements regularly for fraud. Many credit card companies, Capital One for example, have identity theft monitoring tools that will notify you the second a purchase is made that doesn't align with your purchasing patterns. Being vigilant will help you identify problems quickly and put a stop to them immediately. Unlike debit cards, where recovering stolen money can take weeks, credit card vendors have a "restore the funds first, prove fraud second" mentality, which means consumers can recover from fraud with a single quick phone call. Credit cards are safer for fraud recovery, but arguably encourage people to spend more than when using debit cards. That's a decision CyberHoot cannot advise you on.

To learn more about POS Attacks, watch this short 2 minute video:

https://www.youtube.com/watch?v=n6zixRxBeGs
