4 Common Mobile Point of Sale (POS) Security Issues Affecting Retailers That POS Providers Need to Act On

As mobile point-of-sale applications and systems are picking up speed at retailers around the world replacing traditional one, they become appealing targets for cybercriminals allured by the amount of consumer data entered in POS systems whether through unauthorized access, mobile malware or hacking the backend.

The benefit for cybercriminal is clear. The hack one point-of-sale application and grab a hold of hundreds of thousands or millions of credit/debit cards from many shoppers. They exploit a compromised point-of-sale application of a retailer and get their hands on multiple point-of-sales applications and systems operated by this one retailer in multiple locations. As mobile point-of-sale applications and systems become more and more popular and start to replace traditional methods, they are becoming a tempting target for cybercriminals. With so much consumer data entered into POS systems, hackers seek to gain that information in a variety of ways, from unauthorized access, to mobile malware, to hacking the backend.

By hacking just a single point-of-sale application, cybercriminals can gain hundreds of thousands, or even millions, of credit and debit card details from shoppers, which they can then use fraudulently, or even sell on to others. They often exploit compromised point-of-sale applications from retailers and then get their hands on multiple point-of-sale applications and systems operated by the same retailer across multiple locations. As you can see, then, the impact of this can be enormous and leaves the retailer legally liable for what has happened.

In this article, we’ll look at the four most common point-of-sale security issues.

1. Unauthorized access to point-of-sale application

Fraudsters exploit mobile point-of-sale apps to steal personal and sensitive information such as credit or debit card information. They then use these to make fraudulent purchases, which results in both financial losses and damaged credit standings for unsuspecting customers.

It’s a fact that customers are more likely to buy from retailers that they believe protect their information. Compromised retailers suffer far-reaching consequences from point-of-sale hacks, as their customers may switch to other retailers. That’s not to mention enduring a burden of a potential lawsuit, which could leave the company substantially out of pocket.

Combating this fraud is therefore of crucial importance to point-of-sale vendors because it can threaten the very existence of the business itself, and has a devastating impact on retailers, the core customer of point-of-sale vendors.

It is vital for point of sale vendors to improve the security of point of sale applications and to make it easier to identify suspicious and fraudulent POS transactions and act on them to protect shoppers’ sensitive data.

2. Malware targeting point-of-sale application

Mobile malware is quickly becoming one of the main ways that cybercriminals steal payment card details. Malware is used to obtain sensitive information, and in some cases to even steal money directly from bank accounts. Retailers are vulnerable to point-of-sale malware attacks and remain so until they implement the right security technology to strengthen their point-of-sale applications.

An effective application security technology should be able to detect malware, tampering, rooted/jailbroken point of sale devices, and more, so that point-of-sales providers can act before it’s too late. The right application security technology needs to include a feature that alert retailers and POS providers when it is not safe to use mobile POS devices for making payments or performing other electronic transactions.

3. Cyberattacks against the point-of-sale application backend system

A point-of-sale application running on a smartphone, a tablet or a mobile device is only a single component in a full, intricate point-of-sale system. The majority of business transactions are processed on the server’s side. That means most cyberattackers use the entry point from the point-of-sale application to the server to begin their attack on internal business systems.

Once the cyberattackers get inside the data center of POS vendors or retailers, not only can they access the compromised POS application, but also all other POS applications used by the retailer in other locations. Attacking the entry point at the backend is a common attacking method, and countless large-scale security breaches have been caused by this method.

Therefore, it is essential that this entry point is kept secure and protected. Point-of-sale application backend systems and other business systems hosted in the data center need to be shielded from direct internet exposure. Otherwise, hackers could easily exploit a single weakness to access numerous POS retail apps.

For retailers to trust a mobile point of sale application, they need to feel comfortable operating mobile POS apps without the risk of having their internal business systems hacked and risk being sued by affected customers.

4. Business disruption due to poor unavailability of point-of-sale applications

Retailers not only want their business and customer data to be kept safe, but also expect that there will be no disruption to their business caused by cyberattacks or technical downtime with their point of sale applications. Retailers want to operate point of sale applications in a secure, reliable way, and prevent attacks before they even happen. For this to happen, the ideal point of sale application needs to not only boast strong POS security technology but also feature a reliable security monitoring and incident response service. This service should alert IT personnel- either in-house or outsourced to a third-party outsource- when there is a breach, and also monitor POS application-related activities, detect and flag up threats, and provide real-time responses to any problems.

Having a reliable POS security monitoring and incident response service in place help POS providers to assure their retailer customers, and give them a peace of mind as they process countless of data transactions via point-of-sale applications.

If you are a provider and operator of POS application, you want to pay attention to these four common security issues affecting point-of-sale applications. If you make sure that each of them is covered, then you can rest assured that your POS application is secure, and you putting yourself at unnecessary risk of cyberattacks.

To find out how we helped O2, a large Telco, build and operate a secure large-scale mobile POS system which became the fastest selling and most used POS system in the Czech Republic, read our customer success story. Alternatively, get in touch with us directly to request a FREE Demo of our POS system management solution and learn how it can help you manage your POS system more effectively and reduce unnecessary support overheads.

About the Author

Cindy Dam

TeskaLabs’ Marketing & Community Manager, Cindy Dam, has a penchant for hacking and storytelling. When she's not reading and writing about cyber hacking, she reads, writes, and comes up with mind and travel hacks.

You Might Be Interested in Reading These Articles

5 Cyber Threats eCommerce Websites Should Watch Out For

There are innumerable advantages to eCommerce. Businesses can make sales outside of business hours; they can reach customers over their own personal social media pages, and take advantage of people being more inclined to spend while they’re on the couch with a glass of wine rather than harassed in the changing room of a crowded store. However, with all of these advantages, there are also some inherent threats that could annihilate a business’ reputation.

Continue reading ...


Published on May 02, 2017

Distributed-Denial-of-Service (DDoS) Disrupted Gaming Industry During the Holiday - What You Need to Know

During the Christmas holiday, the Xbox and PlayStation networks at Sony and Microsoft game websites were taken down by a group of hackers called Lizard squad. This attack put thousands of users out of game playing. What a bummer huh? Originally, the FBI blamed the North Koreans for taking down the network--that is another story, but had since revised their assessment when the Lizard squad claimed responsibility for the attack.

Continue reading ...


Published on January 27, 2015

5 Things to Look for in an Enterprise Mobile Development Platform Solution

Today many enteprises are looking to have their own mobile applications. With the right solution, you can build a mobile app that will fit your organization’s needs like a glove and be in the driver’s seat of the development.

Continue reading ...

mobile development

Published on September 01, 2015