4 Common Mobile Point of Sale (POS) Security Issues Affecting Retailers That POS Providers Need to Act On
As mobile point-of-sale applications and systems are picking up speed at retailers around the world replacing traditional one, they become appealing targets for cybercriminals allured by the amount of consumer data entered in POS systems whether through unauthorized access, mobile malware or hacking the backend.
The benefit for cybercriminal is clear. The hack one point-of-sale application and grab a hold of hundreds of thousands or millions of credit/debit cards from many shoppers. They exploit a compromised point-of-sale application of a retailer and get their hands on multiple point-of-sales applications and systems operated by this one retailer in multiple locations. As mobile point-of-sale applications and systems become more and more popular and start to replace traditional methods, they are becoming a tempting target for cybercriminals. With so much consumer data entered into POS systems, hackers seek to gain that information in a variety of ways, from unauthorized access, to mobile malware, to hacking the backend.
By hacking just a single point-of-sale application, cybercriminals can gain hundreds of thousands, or even millions, of credit and debit card details from shoppers, which they can then use fraudulently, or even sell on to others. They often exploit compromised point-of-sale applications from retailers and then get their hands on multiple point-of-sale applications and systems operated by the same retailer across multiple locations. As you can see, then, the impact of this can be enormous and leaves the retailer legally liable for what has happened.
In this article, we’ll look at the four most common point-of-sale security issues.
1. Unauthorized access to point-of-sale application
Fraudsters exploit mobile point-of-sale apps to steal personal and sensitive information such as credit or debit card information. They then use these to make fraudulent purchases, which results in both financial losses and damaged credit standings for unsuspecting customers.
It’s a fact that customers are more likely to buy from retailers that they believe protect their information. Compromised retailers suffer far-reaching consequences from point-of-sale hacks, as their customers may switch to other retailers. That’s not to mention enduring a burden of a potential lawsuit, which could leave the company substantially out of pocket.
Combating this fraud is therefore of crucial importance to point-of-sale vendors because it can threaten the very existence of the business itself, and has a devastating impact on retailers, the core customer of point-of-sale vendors.
It is vital for point of sale vendors to improve the security of point of sale applications and to make it easier to identify suspicious and fraudulent POS transactions and act on them to protect shoppers’ sensitive data.
2. Malware targeting point-of-sale application
Mobile malware is quickly becoming one of the main ways that cybercriminals steal payment card details. Malware is used to obtain sensitive information, and in some cases to even steal money directly from bank accounts. Retailers are vulnerable to point-of-sale malware attacks and remain so until they implement the right security technology to strengthen their point-of-sale applications.
An effective application security technology should be able to detect malware, tampering, rooted/jailbroken point of sale devices, and more, so that point-of-sales providers can act before it’s too late. The right application security technology needs to include a feature that alert retailers and POS providers when it is not safe to use mobile POS devices for making payments or performing other electronic transactions.
3. Cyberattacks against the point-of-sale application backend system
A point-of-sale application running on a smartphone, a tablet or a mobile device is only a single component in a full, intricate point-of-sale system. The majority of business transactions are processed on the server’s side. That means most cyberattackers use the entry point from the point-of-sale application to the server to begin their attack on internal business systems.
Once the cyberattackers get inside the data center of POS vendors or retailers, not only can they access the compromised POS application, but also all other POS applications used by the retailer in other locations. Attacking the entry point at the backend is a common attacking method, and countless large-scale security breaches have been caused by this method.
Therefore, it is essential that this entry point is kept secure and protected. Point-of-sale application backend systems and other business systems hosted in the data center need to be shielded from direct internet exposure. Otherwise, hackers could easily exploit a single weakness to access numerous POS retail apps.
For retailers to trust a mobile point of sale application, they need to feel comfortable operating mobile POS apps without the risk of having their internal business systems hacked and risk being sued by affected customers.
4. Business disruption due to poor unavailability of point-of-sale applications
Retailers not only want their business and customer data to be kept safe, but also expect that there will be no disruption to their business caused by cyberattacks or technical downtime with their point of sale applications. Retailers want to operate point of sale applications in a secure, reliable way, and prevent attacks before they even happen. For this to happen, the ideal point of sale application needs to not only boast strong POS security technology but also feature a reliable security monitoring and incident response service. This service should alert IT personnel- either in-house or outsourced to a third-party outsource- when there is a breach, and also monitor POS application-related activities, detect and flag up threats, and provide real-time responses to any problems.
Having a reliable POS security monitoring and incident response service in place help POS providers to assure their retailer customers, and give them a peace of mind as they process countless of data transactions via point-of-sale applications.
If you are a provider and operator of POS application, you want to pay attention to these four common security issues affecting point-of-sale applications. If you make sure that each of them is covered, then you can rest assured that your POS application is secure, and you putting yourself at unnecessary risk of cyberattacks.
To find out how we helped O2, a large Telco, build and operate a secure large-scale mobile POS system which became the fastest selling and most used POS system in the Czech Republic, read our customer success story. Alternatively, get in touch with us directly to request a FREE Demo of our POS system management solution and learn how it can help you manage your POS system more effectively and reduce unnecessary support overheads.
Most Recent Articles
You Might Be Interested in Reading These Articles
While every company is drawn to answering big questions and making new discoveries, not everyone is excited about how to get there: securing money for growth. Even with billions spent on business research and development around the world, there is considerable competition for funds.
Published on November 01, 2018
The Real Impacts of General Data Protection Regulation (GDPR) to EU Companies That Operate Mobile Applications
The General Data Protection Regulation (GDPR) is a new EU regulation aimed at protecting the personal data of EU citizens. Because of the broad definition of “personal data”, GDRP impacts almost every EU company, as well as non-EU companies that exchange data with them. The regulation takes effect in May 2018, which is still a long way in the future, but the complex requirements mean that companies need to start planning and taking action now.
Published on December 06, 2016
The hack on the Italian-based firm Hacking Team revealed that exploiting is not just done by black hats and bad hackers but can be committed by a legitimate company. A dump of 400 gigabits email revealed that the company was involved in zero-day exploits.
Published on August 04, 2015