MSP Blog Logo


Business Growth


Help Desk



Sales & Marketing


Empowering Your MSP Business to Grow and Prosper—One Post at a Time


Featured Post

The Ultimate Guide to Success in Managed IT Services

What are the fundamentals to building a profitable managed IT services business? Keep reading to discover the four key ingredients for success.

Read Now

How to Avoid Point-Of-Sale (POS) Malware Attacks

Posted January 22, 2014by Hunter Smith

It’s common to think of malware as primarily targeting databanks; while that’s definitely true, hackers also commonly attack Point of Sale (POS) systems. This could be hardware-based, such as tampering with the physical device that consumers swipe their cards through, or could be an attack on the data that’s captured with that swipe from the software side. POS systems are used so frequently that it’s rare for a person to think twice about safety concerns when using one. Yet the recent Target security breach is an excellent reminder that it’s always wise to take extra precautions, no matter how large or small the retailer might be.

Understanding POS Vulnerabilities

As the credit or debit card is swiped through the POS, the data stored on its magnetic strip is transmitted for processing. The types of available data are broken into Track 1 and Track 2 (there is also Track 3 data, but this is rarely used). Both Track 1 and Track 2 data contain sensitive information like account number, credit card number, cardholder name and expiration date. If one track is unreadable due to hardware/software limitations or physical card damage, then the other track may be used.

There are a two basic ways hackers target POS systems:

  • Skimmers are physical devices that are attached to the POS system. An example of this would be a false card reader installed over the top of the actual card reader. This allows cyber hackers to easily harvest pertinent data, which can be used for fraudulent purchases and other activity.
  • Malicious software collects cardholder data in its raw form from the back end rather than using physical means. This is possible because POS systems typically require some type of connection to the Internet in order to receive updates and transmit encrypted data.

Hackers benefit more when they’re able to collect high volumes of data from multiple consumers in a short period of time, which means major merchants remain a popular target for POS attacks, especially at the holidays and other busy shopping seasons.

Taking Precautions

Both consumers and merchants can (and should) take steps to limit unauthorized access at POS systems:

  • Consumers should change PINs regularly. Additionally, many credit card companies and even issuers of debit cards may offer protection specifically against fraudulent purchases and activity.
  • Restrict access at the back end. Installation of any POS should never use the default password; new passwords should be strong and changed regularly. You should restrict Internet access to your POS terminals so that only POS-related activities are conducted online and not general Internet use. Additionally, remote access to POS systems should not be allowed, as these increase the chance that your terminals are exposed to security threats.
  • Implement appropriate security measures, like a firewall and antivirus software, which can help prevent unauthorized access and identify potentially harmful programs. Make sure regular updates are made to your antivirus software.
  • Keep POS software updated and maintain monitored access. Missing software patches and outdated software applications are ripe for cyber attacks. Just like a regular computer, POS systems are more vulnerable when they’re not kept up to date with required downloads. Also, access to POS systems should be restricted to authorized personnel only in order to prevent inadvertent online exposure.

While consumers may be able to minimize the impact of a data breach through programs or services offered by their credit or debit card providers, it’s much simpler to prevent attacks in the first place at the retailer level. Using the above tips can help keep you prepared, but always make sure to stay up to date with your software, and your knowledge, of the latest security threats.

Discover the latest crypto ransomware threats and how to protect your end users


As Chief Information Officer (CIO), Hunter is expected to take Continuum's IT operations to the next level of performance as our company continues its rapid growth and expansion. Most recently, Hunter served as Senior Vice President and Chief Technology Officer for Acadian Asset Management. Prior to Acadian, Hunter held positions at Plymouth Rock Companies as Director of Enterprise Technology Services as well as positions at Hobbs/Madison, MFS Investment Management and CSC Consulting. Hunter has a bachelor’s degree in computer science from Dartmouth College. He is responsible for all IT resources for Continuum’s U.S. and India locations.

RMM 101: Must-Haves for Your IT Management Solution
MSP Guide to Managed Services SLAs  [white paper]
comments powered by Disqus