Security in POS systems

Posted by Jim Walker

The security of POS systems has improved but still needs further refinement. The main sectors concerned include hotel and restaurant services and retail businesses.

POS payment system security

POS payment systems continue to be targeted by cyber-attacks that use a growing variety of malware. Computer security experts at Arbor Networks recently analyzed FlokiBot, a variant of the Zeus trojan that attackers use against banking systems. Zeus was created around 2009 and spawned numerous versions and variants in the following years. Its spread shows that it is a proven platform that cybercriminals continue to rely on to create new malware targeting the banking sector.

Since 2013, the defense of POS systems has become a priority for cybersecurity teams. According to a report, cybercriminals’ lives are getting harder and harder: “Both targeted petty thefts and attacks against large organizations leveraged static single-factor authentication systems. The attackers had to hone their weapons and work hard to compromise valid, non-default credentials with which to access IT environments. Furthermore, they have started to transmit stolen credentials from network support points rather than directly from the Internet.”

Therefore, ensuring the security of the POS payment system is imperative.

Recommendations for the security of POS systems

The security of POS systems has improved but still needs further refinement. Cybercriminals continue to innovate their attack strategies because the stakes are always very high. All organizations, regardless of size, are encouraged to seriously consider conducting a thorough security analysis of their POS infrastructure to identify any existing compromises and to strengthen defenses against an adversary that continues to grow and expand its attacking skills. A good place to start is PCI-DSS compliance.

Business partners: A basic security measure is to reduce the attack surface, with a focus on business partners: 97% of breaches with credential theft exploit legitimate access attributed to a business partner.

Dedicated machines: The machine running the POS software must be dedicated solely to this activity. It also needs to be hardened prior to commissioning to reduce the number of open ports and to limit application usage, allowing only the applications absolutely necessary for core functionality.

Strict connectivity to the internet: Connectivity must be subjected to strict controls, establishing a baseline of legitimate traffic that allows you to identify anomalous traffic and generate an alarm.

The voice of traffic: An effective monitoring system must be implemented, with the aim of identifying suspicious traffic to or from POS machines on the internal network and suspicious traffic to or from support systems or systems considered safe by the POS infrastructure.

Vigilance: After thorough testing, anti-malware applications should be aggressively used on POS machines to identify potential unknown malware.

Conclusion: Organizations need to employ multiple monitoring techniques across sensitive infrastructure to identify unusual host and network activity. The classes of risk and complexity vary, and security activities can be more or less difficult depending on the functionality and segmentation of the network and processes. If the network is not properly configured to allow traffic only where it is really needed, the number of systems that can turn into support points for data theft increases, and attackers therefore have more possibilities and places to hide their traffic in an effort to extend the depth and duration of their campaigns.
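
The baseline-and-alarm approach from the connectivity and traffic-monitoring recommendations above, as an added example that is not part of the original post: flows seen in a known-good window define legitimate POS traffic, and any later flow to or from the POS segment outside that set raises an alert, labelled by whether the peer is internal (a possible support point) or on the Internet. The subnets, addresses and flow-record format are constructed assumptions.

```python
import ipaddress

POS_NET = ipaddress.ip_network("10.20.0.0/24")   # assumed POS segment
INTERNAL = ipaddress.ip_network("10.0.0.0/8")    # assumed corporate address space

# Constructed flow records: "timestamp src dst dport bytes"
KNOWN_GOOD = """
2024-05-01T09:00:01 10.20.0.11 10.20.1.5 443 1800
2024-05-01T09:00:04 10.20.0.12 10.20.1.5 443 1750
2024-05-01T09:05:00 10.20.0.11 198.51.100.10 443 2200
2024-05-01T09:06:00 10.30.0.8 10.30.0.9 22 900
"""
OBSERVED = """
2024-05-02T09:00:02 10.20.0.11 10.20.1.5 443 1810
2024-05-02T02:13:40 10.20.0.12 10.20.7.30 445 48213
2024-05-02T02:14:05 10.30.0.8 10.20.0.11 3389 5120
2024-05-02T02:20:00 10.20.0.12 203.0.113.9 443 900
2024-05-02T03:00:00 10.30.0.8 10.30.0.9 22 900
truncated record
"""

def parse(text):
    """Yield (src, dst, dport) for each well-formed record that touches the POS segment."""
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records instead of stopping the monitor
        src, dst = ipaddress.ip_address(parts[1]), ipaddress.ip_address(parts[2])
        if src in POS_NET or dst in POS_NET:
            yield src, dst, int(parts[3])

def build_baseline(text):
    """Flows seen during a known-good window define legitimate POS traffic."""
    return set(parse(text))

def find_anomalies(baseline, text):
    """Return (direction, src, dst, dport, peer_zone) for POS flows outside the baseline."""
    alerts = []
    for src, dst, dport in parse(text):
        if (src, dst, dport) in baseline:
            continue
        direction = "from-pos" if src in POS_NET else "to-pos"
        peer = dst if src in POS_NET else src
        # An internal peer may be a staging host rather than a direct Internet drop.
        zone = "internal" if peer in INTERNAL else "internet"
        alerts.append((direction, str(src), str(dst), dport, zone))
    return alerts

if __name__ == "__main__":
    for alert in find_anomalies(build_baseline(KNOWN_GOOD), OBSERVED):
        print("ALERT", *alert)
```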
