4 Common Mobile Point of Sale (POS) Security Issues Affecting Retailers That POS Providers Need to Act On
As mobile point-of-sale applications and systems are picking up speed at retailers around the world replacing traditional one, they become appealing targets for cybercriminals allured by the amount of consumer data entered in POS systems whether through unauthorized access, mobile malware or hacking the backend.
The benefit for cybercriminal is clear. The hack one point-of-sale application and grab a hold of hundreds of thousands or millions of credit/debit cards from many shoppers. They exploit a compromised point-of-sale application of a retailer and get their hands on multiple point-of-sales applications and systems operated by this one retailer in multiple locations. As mobile point-of-sale applications and systems become more and more popular and start to replace traditional methods, they are becoming a tempting target for cybercriminals. With so much consumer data entered into POS systems, hackers seek to gain that information in a variety of ways, from unauthorized access, to mobile malware, to hacking the backend.
By hacking just a single point-of-sale application, cybercriminals can gain hundreds of thousands, or even millions, of credit and debit card details from shoppers, which they can then use fraudulently, or even sell on to others. They often exploit compromised point-of-sale applications from retailers and then get their hands on multiple point-of-sale applications and systems operated by the same retailer across multiple locations. As you can see, then, the impact of this can be enormous and leaves the retailer legally liable for what has happened.
In this article, we’ll look at the four most common point-of-sale security issues.
1. Unauthorized access to point-of-sale application
Fraudsters exploit mobile point-of-sale apps to steal personal and sensitive information such as credit or debit card information. They then use these to make fraudulent purchases, which results in both financial losses and damaged credit standings for unsuspecting customers.
It’s a fact that customers are more likely to buy from retailers that they believe protect their information. Compromised retailers suffer far-reaching consequences from point-of-sale hacks, as their customers may switch to other retailers. That’s not to mention enduring a burden of a potential lawsuit, which could leave the company substantially out of pocket.
Combating this fraud is therefore of crucial importance to point-of-sale vendors because it can threaten the very existence of the business itself, and has a devastating impact on retailers, the core customer of point-of-sale vendors.
It is vital for point of sale vendors to improve the security of point of sale applications and to make it easier to identify suspicious and fraudulent POS transactions and act on them to protect shoppers’ sensitive data.
2. Malware targeting point-of-sale application
Mobile malware is quickly becoming one of the main ways that cybercriminals steal payment card details. Malware is used to obtain sensitive information, and in some cases to even steal money directly from bank accounts. Retailers are vulnerable to point-of-sale malware attacks and remain so until they implement the right security technology to strengthen their point-of-sale applications.
An effective application security technology should be able to detect malware, tampering, rooted/jailbroken point of sale devices, and more, so that point-of-sales providers can act before it’s too late. The right application security technology needs to include a feature that alert retailers and POS providers when it is not safe to use mobile POS devices for making payments or performing other electronic transactions.
3. Cyberattacks against the point-of-sale application backend system
A point-of-sale application running on a smartphone, a tablet or a mobile device is only a single component in a full, intricate point-of-sale system. The majority of business transactions are processed on the server’s side. That means most cyberattackers use the entry point from the point-of-sale application to the server to begin their attack on internal business systems.
Once the cyberattackers get inside the data center of POS vendors or retailers, not only can they access the compromised POS application, but also all other POS applications used by the retailer in other locations. Attacking the entry point at the backend is a common attacking method, and countless large-scale security breaches have been caused by this method.
Therefore, it is essential that this entry point is kept secure and protected. Point-of-sale application backend systems and other business systems hosted in the data center need to be shielded from direct internet exposure. Otherwise, hackers could easily exploit a single weakness to access numerous POS retail apps.
For retailers to trust a mobile point of sale application, they need to feel comfortable operating mobile POS apps without the risk of having their internal business systems hacked and risk being sued by affected customers.
4. Business disruption due to poor unavailability of point-of-sale applications
Retailers not only want their business and customer data to be kept safe, but also expect that there will be no disruption to their business caused by cyberattacks or technical downtime with their point of sale applications. Retailers want to operate point of sale applications in a secure, reliable way, and prevent attacks before they even happen. For this to happen, the ideal point of sale application needs to not only boast strong POS security technology but also feature a reliable security monitoring and incident response service. This service should alert IT personnel- either in-house or outsourced to a third-party outsource- when there is a breach, and also monitor POS application-related activities, detect and flag up threats, and provide real-time responses to any problems.
Having a reliable POS security monitoring and incident response service in place help POS providers to assure their retailer customers, and give them a peace of mind as they process countless of data transactions via point-of-sale applications.
If you are a provider and operator of POS application, you want to pay attention to these four common security issues affecting point-of-sale applications. If you make sure that each of them is covered, then you can rest assured that your POS application is secure, and you putting yourself at unnecessary risk of cyberattacks.
To find out how we helped O2, a large Telco, build and operate a secure large-scale mobile POS system which became the fastest selling and most used POS system in the Czech Republic, read our customer success story. Alternatively, get in touch with us directly to request a FREE Demo of our POS system management solution and learn how it can help you manage your POS system more effectively and reduce unnecessary support overheads.
Data encryption tool for GDPRMore information
You Might Be Interested in Reading These Articles
In just the past 12 months, we’ve come across 100 mobile app projects at different phases. We’ve had conversations with more than 300 professionals active in the enterprise mobility space. We asked questions and uncovered the underlying problem that caused the current miserable state of mobile application security. It sucks. The answer doesn’t lie in technology but in us.
Published on May 19, 2016
We know that backend security is important, but what exactly constitutes the “backend?” To put it simply, the backend is the portion of a website, web application, or mobile application that exists behind the scenes. By contrast, the “frontend” of an application is everything that the user interacts with. This includes design features in the website or application, links, transactions, images, content, and others.
Published on October 06, 2015
TalkTalk, one of the largest providers of broadband and phone service in the UK, has recently admitted to being the victim of a large cyberattack. For those in the United States or in another country where TalkTalk’s influence isn’t as widespread, it could be considered on the same level as a Verizon or an AT&T data breach.
Published on November 10, 2015