With digitization and cash-less transactions gaining momentum in India, shoppers using credit cards and debit cards for buying goods via online or at POS terminals installed at mom-and-pop stores should be more careful as with every swipe of their cards or voluntary disclosure of personal data, they are putting themselves at great risk of losing hard earned money to the unscrupulous data thieves.
Vulnerable POS Terminals
With innumerable number of shopping malls and other retail enterprises storing sensitive personal data such as credit/debit card information in their backyard, data pilferages can be effectively carried out by professional hackers who can plant suitable malware in POS systems if retailers do not have secured and highly effective firewalls to protect such unauthentic external intrusions.
But the reality is worrisome. However strong anti-malware tool one may have, people can still find ways to extract personal data from the POS systems without being caught. According to a recent analysis by a leading American retail software analytical firm, even from top ranking American malls such as Home Depot, Target, Sonic and Whole Foods, to small grocery and brick-and-mortar stores are unsafe and un-secured.
Despite many best practices, POS system breaches continue to worry customers and retailers. The presence of huge debit/credit card data makes POS systems an attractive and profitable place for malware planters and hackers. Retailers need to strengthen their system with the latest technology by fortifying their systems against the possible malware threats.
How to strengthen POS systems
The raise of credit card and digital payment has made more retailers discarding traditional cash registers and opt for new, advanced POS system which runs suitable retail POS software and has hardware components such as cash drawers, touch screen monitors, POS receipt printers, barcode scanners, barcode printers, label printers, pole displays, to name a few.
Restaurant, Retail and Hospitality businesses, among retailers, predominantly use retail POS software to execute sales quickly, monitor sales data, cash flow, manage inventory and other related analytical activities.
"Organized gangs are so well equipped that they can easily overrun any restaurant and hospitality point-of-sale system in India. Even the much advanced US retailers are struggling to keep their customer data secure. It is worrisome that we have still not made our POS systems strong enough to thwart any possible attacks by illegal data extractors or malware intrusions," says Karthik Anbarasan, a software analyst who has expertise in retail software business.
POS Becomes an Easy Target
When compared to other cybercrimes, stealing card data from POS systems is the easiest to monetize. Once a POS system is compromised, hackers sell sensible personal data to card shops or any underground forums, informs an analyst from FireEye, a cyber security agency.
Hackers, apart from stealing card numbers and PIN, also extract sale transaction details with personal email IDs, names, addresses and zip codes. So, how to protect POS systems from malware attacks?
Attackers need just a small opening to enter and execute their wicked plan. And this small gap, more often than not, is made due to overlooked details, human errors or failure to update the system.
How to Prevent Data Theft
So, the onus is on retail businesses to follow all basic protection exercises such as training employees, updating systems, finding risk factors and closing the vulnerable points to reduce the risks.
Network segmentation is one of the proven ways to limit malware threats, as it separates the business network from the card data storage locale linked to POS systems. As systems are not connected together, retail businesses can lessen the threat perceptions of losing sensitive customer data. For customers, they should not use their cards where they feel that the POS terminals are unsecured and also keep changing their PIN as often as possible.