POS Security Hacks: How to Keep the Bad Guys Out, Sensitive Data In
In 2013 corporations saw an unprecedented amount of cyber-attacks from hackers and fraudsters. Hackers were able to successfully shut down websites, tamper with and steal enterprise intellectual property, and fraudulently obtain sensitive customer data. Well-established organizations saw their brand reputation take a hit and consumer confidence in their organizations shrink exponentially.
Most recently, a high-profile retail company announced that 40 million of its U.S. customers had their debit and credit card information exposed and stolen. Simply put, security breaches such as this do not need to happen.
While complete details surrounding this particular security breach are unknown, one can speculate as to how such an attack was carried out. One likely scenario is that the fraudsters were able to infiltrate the retailer’s Card Processing Server and distribute malicious POS software to store point-of-sale machines, and then breach one or more servers within the Data Center to be used as a central repository for data transmitted from infected point-of-sale devices. The criminals then stole customers’ debit and credit card information. It appears that the bad guys were able to infiltrate the perimeter defense, compromise equipment, obtain sensitive data, stage data on an insecure server for collection, and then exfiltrate that data through the Internet.
Organizations are bracing for a rather tumultuous year of cyber-attacks. They can counter these attacks using an advanced, innovative security approach, one that is designed to protect sensitive, mission-critical data. Unisys Stealth™ uses advanced cloaking techniques to render endpoints undetectable on a network and segregates and establishes secure, trusted communities of interest (COI) that protect an organization’s sensitive assets. How could an innovative security solution like Stealth help retailers and other organizations that are concerned about the security of their POS systems? Unisys Stealth can:
- Cloak card processing servers and applications from attackers and non-essential employees so systems are not discoverable. Stealth-enabled POS systems will not accept input or commands from non-Stealth POS or other non-COI devices, which can help prevent malicious code from being installed on POS systems.
- Separate sensitive processing systems from other corporate systems that have access to the global Internet. Quarantining processing systems from access to the Internet shuts down one of the biggest pathways used to steal data.
- Cloak POS devices in stores, protecting them from bad guy discovery, and preventing their data from being sent places it doesn’t belong.