Sketchy Checkout: How PoS Malware Could Be Putting Your Card Data At Risk

Most of us consider high-street shopping safer than shopping online, but what if using your credit or debit card to pay for items was putting you at risk?

New research has found that a shockingly high number of retailers are putting themselves and their customers at risk thanks to compromised Point of Sale (PoS) terminals, which can be infected with malware which steals customer data.

To find out more, TechWeekEurope spoke to Charles Henderson, VP of managed testing at Trustwave, to what retailers can do to stay safe and find out how bad the situation is.

At risk

The initial prognosis, it seems, is not good.

“We’re playing a game of’ ‘how many fingers can we stick in the dam?’” Henderson says, “And the big issue is not the latest strain of malware, it’s how the malware is getting on your PoS in the first place.”

Awareness and prevention need to be the watchword for retailers, Henderson says, as PoS terminals generally have, “a very very low bar” of security, leaving many merchants at risk of attack.

This is most notably seen through the fact that 90 percent of terminals tested by Trustwave still have the default six-digit password set up when they left the factory – a shocking statistic when it was seen that most of these were made in the mid-1990s.

“(The terminals) haven’t been tested in the same way that the attackers are testing them,” says Henderson, “it’s not like the hackers are going to the ends of the earth to get malware on these machines.”

Staying safe

“Security is not where it should be,” Henderson says, noting that 90 percent of retailers admitted to never having testing their PoS terminals for security, “no-one is paying attention to security.”

Hackers are able to install malware easier than ever before, and with less interaction, as criminals don’t even need to be in a store to remotely install malicious software.

“The security posture of the PoS industry is not where it should be,” Henderson notes, “it’s far too easy to get malware onto these systems.”

He’s recommending a multi-prong approach to ensure retailers become less of a target. Better in-house testing is a start, to eliminate the low-hanging fruit, but network segmentation, anti-malware tools and penetration testing can also be invaluable.

This wouldn’t mean huge expenditure either, as often only a single device would need to be tested if a business uses the same tools across all their operations.

Although more extensive testing by vendors would also help, as often this is taken up by lots of compliance testing.

“People think that, because I’m compliant I’m secure-that’s just not true,” Henderson says.

“There’s often a sense of paralysis in the security industry when you’re faced with a daunting task…it’s like facing from the bottom of a mountain, looking up, and the mountain looks so tall that you don’t start climbing.”

“Until you start climbing, you will not reach the top.”

What do you know about Internet security? Find out with our quiz!

Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.

Recent Posts

TikTok ‘Halts E-Commerce Expansion Plans’

TikTok reportedly scraps plans to expand TikTok Shop livestream commerce in Europe and US after…

8 hours ago

European Parliament Passes Landmark Tech Regulations

European Parliament votes to adopt Digital Markets Act and Digital Services Act, but campaigners warn…

9 hours ago

Indian Economic Police Raid Offices Of Smartphone Maker Vivo

Indian economic crime agency Enforcement Directorate raids dozens of locations across India belonging to China's…

10 hours ago

French Music Service Deezer Slumps On Market Debut

Spotify and Apple Music competitor Deezer falls below opening price after long-delayed IPO in Paris…

11 hours ago

Foxconn Expects Stronger Sales In Spite Of Economic Gloom

iPhone manufacturer Foxconn revises full-year expectations upward amidst strong consumer and data centre demand, bucking…

12 hours ago

Samsung ‘To See Profits Jump’ On Data Centre Demand

Industry analysts expect Samsung's profits to jump 15 percent for the second quarter as strong…

13 hours ago