In just the last few years, the retail and hospitality industries have been prime targets for a multitude of cyberattacks. Point of sale (POS) systems have been particularly vulnerable, with debit and credit card readers being targeted in an effort to steal confidential financial information. While some of the most well-known victims of cyberattacks on POS systems have included Target and Home Depot, restaurant chains Chipotle, Chilis, and Applebees were also affected recently as a result of malware.
According to recent research from Symantec, the data on those POS Systems is fetching top dollar on dark net marketplaces: “Threat actors are advertising access to POS systems at prices ranging from $12 for administrative access to one POS machine, to $60,000 for access to a large corporate network containing thousands of POS servers and terminals. Meanwhile, depending on its quality, payment card data on the dark web retails for between $1 and $175 per card.”
It’s not just large businesses that are at risk. Small business owners are just as vulnerable when it comes to malware on POS systems. When such an attack occurs, it can have a significant effect on the confidence of consumers about the safety of financial information at POS terminals, eventually affecting sales.
Steps to Prepare for and Reduce Your Risk of Exposure to a POS Cyberattack
While the increase in cyberattacks on POS systems can certainly be worrying to business owners, the good news is that there are steps that businesses can take to thwart cyber criminals from obtaining access to confidential financial data. A study by Accenture states, “Malware and web-based attacks are the two most costly attack types — companies spent an average of US $2.4 million in defense.”
One of the first and most important steps that businesses can take in the quest to protect their POS systems from cyberattacks is to take advantage of layers of defense. The Target breach, among the most widely publicized, began with an attacker using valid login credentials that had been previously authorized to a HVAC vendor. Whether or not the vendor inadvertently or willingly shared those credentials remains unclear.
The bottom line is that the login was authorized and authentic, thus giving the hacker the ability to attack the network with no resistance. While Target had an alerting system set up, it failed because both the login and the password used were on the approved list. For this reason, it is important to ensure that your merchants do not simply rely on a single point of evaluation to protect their system. Closing all of the possible security loops is essential to ensuring the highest level of protection and preventing their POS system from becoming vulnerable to cyberattacks.
Begin by making certain that your merchants have an incident response plan in place and that it is tested on a regular basis. In the event that they do become the victim of an attack, it is important to make sure they are able to respond quickly and appropriately. Doing so can help mitigate damage and prevent customers from losing confidence in that merchant.
While the number of cyberattacks on POS systems has been on the rise of late, taking a proactive approach can help you protect your merchant’s business and their customers from would-be hackers.
Back To Blog