4 Common Mobile Point of Sale (POS) Security Issues Affecting Retailers That POS Providers Need to Act On

As mobile point-of-sale applications and systems are picking up speed at retailers around the world replacing traditional one, they become appealing targets for cybercriminals allured by the amount of consumer data entered in POS systems whether through unauthorized access, mobile malware or hacking the backend.

The benefit for cybercriminal is clear. The hack one point-of-sale application and grab a hold of hundreds of thousands or millions of credit/debit cards from many shoppers. They exploit a compromised point-of-sale application of a retailer and get their hands on multiple point-of-sales applications and systems operated by this one retailer in multiple locations. As mobile point-of-sale applications and systems become more and more popular and start to replace traditional methods, they are becoming a tempting target for cybercriminals. With so much consumer data entered into POS systems, hackers seek to gain that information in a variety of ways, from unauthorized access, to mobile malware, to hacking the backend.

By hacking just a single point-of-sale application, cybercriminals can gain hundreds of thousands, or even millions, of credit and debit card details from shoppers, which they can then use fraudulently, or even sell on to others. They often exploit compromised point-of-sale applications from retailers and then get their hands on multiple point-of-sale applications and systems operated by the same retailer across multiple locations. As you can see, then, the impact of this can be enormous and leaves the retailer legally liable for what has happened.

In this article, we’ll look at the four most common point-of-sale security issues.

1. Unauthorized access to point-of-sale application

Fraudsters exploit mobile point-of-sale apps to steal personal and sensitive information such as credit or debit card information. They then use these to make fraudulent purchases, which results in both financial losses and damaged credit standings for unsuspecting customers.

It’s a fact that customers are more likely to buy from retailers that they believe protect their information. Compromised retailers suffer far-reaching consequences from point-of-sale hacks, as their customers may switch to other retailers. That’s not to mention enduring a burden of a potential lawsuit, which could leave the company substantially out of pocket.

Combating this fraud is therefore of crucial importance to point-of-sale vendors because it can threaten the very existence of the business itself, and has a devastating impact on retailers, the core customer of point-of-sale vendors.

It is vital for point of sale vendors to improve the security of point of sale applications and to make it easier to identify suspicious and fraudulent POS transactions and act on them to protect shoppers’ sensitive data.

2. Malware targeting point-of-sale application

Mobile malware is quickly becoming one of the main ways that cybercriminals steal payment card details. Malware is used to obtain sensitive information, and in some cases to even steal money directly from bank accounts. Retailers are vulnerable to point-of-sale malware attacks and remain so until they implement the right security technology to strengthen their point-of-sale applications.

An effective application security technology should be able to detect malware, tampering, rooted/jailbroken point of sale devices, and more, so that point-of-sales providers can act before it’s too late. The right application security technology needs to include a feature that alert retailers and POS providers when it is not safe to use mobile POS devices for making payments or performing other electronic transactions.

3. Cyberattacks against the point-of-sale application backend system

A point-of-sale application running on a smartphone, a tablet or a mobile device is only a single component in a full, intricate point-of-sale system. The majority of business transactions are processed on the server’s side. That means most cyberattackers use the entry point from the point-of-sale application to the server to begin their attack on internal business systems.

Once the cyberattackers get inside the data center of POS vendors or retailers, not only can they access the compromised POS application, but also all other POS applications used by the retailer in other locations. Attacking the entry point at the backend is a common attacking method, and countless large-scale security breaches have been caused by this method.

Therefore, it is essential that this entry point is kept secure and protected. Point-of-sale application backend systems and other business systems hosted in the data center need to be shielded from direct internet exposure. Otherwise, hackers could easily exploit a single weakness to access numerous POS retail apps.

For retailers to trust a mobile point of sale application, they need to feel comfortable operating mobile POS apps without the risk of having their internal business systems hacked and risk being sued by affected customers.

4. Business disruption due to poor unavailability of point-of-sale applications

Retailers not only want their business and customer data to be kept safe, but also expect that there will be no disruption to their business caused by cyberattacks or technical downtime with their point of sale applications. Retailers want to operate point of sale applications in a secure, reliable way, and prevent attacks before they even happen. For this to happen, the ideal point of sale application needs to not only boast strong POS security technology but also feature a reliable security monitoring and incident response service. This service should alert IT personnel- either in-house or outsourced to a third-party outsource- when there is a breach, and also monitor POS application-related activities, detect and flag up threats, and provide real-time responses to any problems.

Having a reliable POS security monitoring and incident response service in place help POS providers to assure their retailer customers, and give them a peace of mind as they process countless of data transactions via point-of-sale applications.

If you are a provider and operator of POS application, you want to pay attention to these four common security issues affecting point-of-sale applications. If you make sure that each of them is covered, then you can rest assured that your POS application is secure, and you putting yourself at unnecessary risk of cyberattacks.

To find out how we helped O2, a large Telco, build and operate a secure large-scale mobile POS system which became the fastest selling and most used POS system in the Czech Republic, read our customer success story. Alternatively, get in touch with us directly to request a FREE Demo of our POS system management solution and learn how it can help you manage your POS system more effectively and reduce unnecessary support overheads.

About the Author

Cindy Dam

TeskaLabs’ Marketing & Community Manager, Cindy Dam, has a penchant for hacking and storytelling. When she's not reading and writing about cyber hacking, she reads, writes, and comes up with mind and travel hacks.

You Might Be Interested in Reading These Articles

Is There A Network Protocol for Your Mobile Apps That Offers A Higher Security Level While Consuming Less Bandwidth Than HTTPS? Yes, There Is

For mobile apps or websites that don’t have logins, forms or features to extract data, you don’t need secure access. For banking websites, mobile apps and mobile banking services, without a doubt, secure communication is a must. But nothing is ever black and white.

Continue reading ...

tech security

Published on September 13, 2016

Binary distributions of OpenSSL static libraries

The official source of OpenSSL software is the OpenSSL website. One can download OpenSSL source codes archives and compile them for a given platform. The compilation work can sometimes be quite tedious, especially for exotic platforms. We, at TeskaLabs, set up this page because we frequently compile OpenSSL for various platforms for our internal purposes and this may save some time to other developers.

Continue reading ...

development android windows ios security

Published on July 20, 2017

C-ITS: The European Commission is updating the list of the Root Certificates

23rd April 2021 marks the release of the fifth edition of the European Certificate Trust List (ECTL). This was released by the Joint Research Centre of the European Commission (EC JRC), and is used in Cooperative Intelligent Transport Systems (C-ITS). It is otherwise known as the L0 edition release, intended for use primarily in test and pilot deployments. Currently these activities are primarily European and focus on fields such as intelligent cars and road infrastructure.

Continue reading ...

press automotive c-its v2x security

Published on May 06, 2021