With digitization and cash-less
transactions becoming the norm of life for Indian shoppers who invariably use credit
or debit cards and UPI/online transactions for buying things through line shopping
sites or POS terminals installed at mom-and-pop stores, should be more careful
as with every swipe of their cards or voluntary disclosure of personal data,
they are putting themselves at great risk of losing hard earned money to the
unscrupulous data miners.
Vulnerable POS Terminals
With innumerable number of shopping malls
and other retail enterprises storing sensitive personal data such as
credit/debit card information in their backyard, data pilferages can be
effectively carried out by professional hackers who can plant suitable malware
in POS systems if retailers do not have secured and highly effective firewalls
to protect such unauthentic external intrusions.
But the reality is worrisome. However
strong anti-malware tool one may have, people can still find ways to extract
personal data from the POS systems without being caught. According to a recent
analysis by a leading American retail software analytical firm, even from top
ranking American malls such as Home Depot, Target, Sonic and Whole Foods, to small
grocery and brick-and-mortar stores are unsafe and un-secured.
Despite many best practices, POS system
breaches continue to worry customers and retailers. The presence of huge debit/credit
card data makes POS systems an attractive and profitable place for malware
planters and hackers. Retailers need to strengthen their system with the latest
technology by fortifying their systems against the possible malware threats.
How to strengthen POS systems
The raise of credit card and digital
payment has made more retailers discarding traditional cash registers and opt
for new, advanced POS system which runs suitable retail POS software and has
hardware components such as cash drawers, touch screen monitors, POS receipt
printers, barcode scanners, barcode printers, label printers, pole displays, to
name a few.
Restaurant, Retail and Hospitality
businesses, among retailers, predominantly use retail POS software to execute
sales quickly, monitor sales data, cash flow, manage inventory and other
related analytical activities.
"Organized gangs are so well equipped
that they can easily overrun any restaurant and hospitality point-of-sale
system in India. Even the much advanced US retailers are struggling to keep
their customer data secure. It is worrisome that we have still not made our POS
systems strong enough to thwart any possible attacks by illegal data extractors
or malware intrusions," says Karthik Anbarasan, a software analyst who has
expertise in retail software business.
POS Becomes an Easy Target
When compared to other cybercrimes,
stealing card data from POS systems is the easiest to monetize. Once a POS system
is compromised, hackers sell sensible personal data to card shops or any underground
forums, informs an analyst from FireEye, a cyber security agency.
Hackers, apart from stealing card numbers
and PIN, also extract sale transaction details with personal email IDs, names,
addresses and zip codes. So, how to protect POS systems from malware attacks?
Attackers need just a small opening to
enter and execute their wicked plan. And this small gap, more often than not,
is made due to overlooked details, human errors or failure to update the
system.
How to Prevent Data Theft
So, the onus is on retail businesses to follow
all basic protection exercises and protocols such as training employees, updating
systems, finding risk factors and closing the vulnerable lose ends to reduce
the risks.
Network segmentation is one of the proven ways
to limit malware threats, as it separates the business network from the card
data storage locale linked to POS systems.
As systems are not connected together, retail
businesses can lessen the threat perceptions of losing sensitive customer data.
For customers, they should not use their
cards where they feel that the POS terminals are unsecured and also keep
changing their PIN as often as possible.