POS Data Breaches
What can be done?
Point of sale (POS) security is one of the most important parts of any business because POS Data Breaches are becoming more and more frequent. It is one of the most vulnerable areas of your company.
All our lives we have walked up to the register at our favorite stores and watch the cashier ring up our purchases, handed over our credit cards and never stopped to consider how much of our personal information was just recorded by these advanced and complex registers.
The registers of today are the same type of computers we use every day in our personal and professional lives. These computers are as vulnerable to malware, spyware, data breaches as the other computers we use, even more so because of how much personal data they collect from customers and transmit over the Internet to their main offices.
The news over the last several years has shown just how common and damaging data lost from these businesses POS system can be. It is estimated that in 2014 alone there were over 60 million records stolen. Target, Wendy’s and the US government are among the growing list of systems experiencing data breaches costing millions of dollars in credit card fraud, identity theft and reparations to the victims.
The chipped credit cards are one attempt to reduce credit card fraud. These card have a chip embedded in them that, when inserted into a new EMV Reader, encrypts the data and creates a one time pin that, if captured will give hackers only scrambled data. But these readers are not yet in all locations so these cards still have the vulnerable magnetic strips. Also these cards are just as vulnerable when used to shop online.
How is this data stolen?
Some of the ways our data is stolen is from the stores we frequent are as simple as an unattended register. A data thief simply walks up and downloads a malware program on the register that will send them all transactions from that day. A customer making a transaction on an infected register and with in a few hours they find their card has been used for other transactions by someone who has stolen their data.
Another method is called packet sniffing. A hacker can use a device or program called a Packet Sniffer that allows them to eavesdrop on data transferring between networked computers giving them the ability to capture the data and analyze it later giving them your personal data.
So what can be done to stop these Data Breaches?
There may never be a way to totally stop these data breaches but we all need to take all steps possible to reduce the treats to the data whether you are a business owner, employee or customer data security is everyone’s responsibility. Here are a few suggestions that can help.
1. Update to the new EMV card readers to reduce the risk from the transaction being captured.
2. Do not save paper copies of any customer data longer then necessary. Store the any copies in a secure location and shred the paperwork as soon as are finished with it.
3. Control access to your registers and computers by requiring unique passwords for each employee and make sure they are changed frequently.
4. Install anti-virus software and firewalls on all your computers and update them frequently. There is no room to compromise on the cost of these software tools. If you go cheap you may pay much more if your data is breached.
5. Never leave an unsecured computer or register unattended. If you or an employee must leave a register or computer they must log off before leaving.
6. Do not save the data on any system connected to the Internet for longer then necessary. Store the data in a secure location and delete it as soon as it is no longer reinvent.
7. Ensure that no data is copied or printed by employee’s with out permission and that that data is handled in a secure manor and that it is safely destroyed after use.
Sniffers: What They Are and How to Protect Yourself
Created: 25 Feb 2002 • Updated: 03 Nov 2010
15 Data Security Tips to Protect Your Small Business By Jennifer Schiff
Protect Your Business from a Data Security Breach by Anthony Sills