4 Common Mobile Point of Sale (POS) Security Issues Affecting Retailers That POS Providers Need to Act On
As mobile point-of-sale applications and systems are picking up speed at retailers around the world replacing traditional one, they become appealing targets for cybercriminals allured by the amount of consumer data entered in POS systems whether through unauthorized access, mobile malware or hacking the backend.
The benefit for cybercriminal is clear. The hack one point-of-sale application and grab a hold of hundreds of thousands or millions of credit/debit cards from many shoppers. They exploit a compromised point-of-sale application of a retailer and get their hands on multiple point-of-sales applications and systems operated by this one retailer in multiple locations. As mobile point-of-sale applications and systems become more and more popular and start to replace traditional methods, they are becoming a tempting target for cybercriminals. With so much consumer data entered into POS systems, hackers seek to gain that information in a variety of ways, from unauthorized access, to mobile malware, to hacking the backend.
By hacking just a single point-of-sale application, cybercriminals can gain hundreds of thousands, or even millions, of credit and debit card details from shoppers, which they can then use fraudulently, or even sell on to others. They often exploit compromised point-of-sale applications from retailers and then get their hands on multiple point-of-sale applications and systems operated by the same retailer across multiple locations. As you can see, then, the impact of this can be enormous and leaves the retailer legally liable for what has happened.
In this article, we’ll look at the four most common point-of-sale security issues.
1. Unauthorized access to point-of-sale application
Fraudsters exploit mobile point-of-sale apps to steal personal and sensitive information such as credit or debit card information. They then use these to make fraudulent purchases, which results in both financial losses and damaged credit standings for unsuspecting customers.
It’s a fact that customers are more likely to buy from retailers that they believe protect their information. Compromised retailers suffer far-reaching consequences from point-of-sale hacks, as their customers may switch to other retailers. That’s not to mention enduring a burden of a potential lawsuit, which could leave the company substantially out of pocket.
Combating this fraud is therefore of crucial importance to point-of-sale vendors because it can threaten the very existence of the business itself, and has a devastating impact on retailers, the core customer of point-of-sale vendors.
It is vital for point of sale vendors to improve the security of point of sale applications and to make it easier to identify suspicious and fraudulent POS transactions and act on them to protect shoppers’ sensitive data.
2. Malware targeting point-of-sale application
Mobile malware is quickly becoming one of the main ways that cybercriminals steal payment card details. Malware is used to obtain sensitive information, and in some cases to even steal money directly from bank accounts. Retailers are vulnerable to point-of-sale malware attacks and remain so until they implement the right security technology to strengthen their point-of-sale applications.
An effective application security technology should be able to detect malware, tampering, rooted/jailbroken point of sale devices, and more, so that point-of-sales providers can act before it’s too late. The right application security technology needs to include a feature that alert retailers and POS providers when it is not safe to use mobile POS devices for making payments or performing other electronic transactions.
3. Cyberattacks against the point-of-sale application backend system
A point-of-sale application running on a smartphone, a tablet or a mobile device is only a single component in a full, intricate point-of-sale system. The majority of business transactions are processed on the server’s side. That means most cyberattackers use the entry point from the point-of-sale application to the server to begin their attack on internal business systems.
Once the cyberattackers get inside the data center of POS vendors or retailers, not only can they access the compromised POS application, but also all other POS applications used by the retailer in other locations. Attacking the entry point at the backend is a common attacking method, and countless large-scale security breaches have been caused by this method.
Therefore, it is essential that this entry point is kept secure and protected. Point-of-sale application backend systems and other business systems hosted in the data center need to be shielded from direct internet exposure. Otherwise, hackers could easily exploit a single weakness to access numerous POS retail apps.
For retailers to trust a mobile point of sale application, they need to feel comfortable operating mobile POS apps without the risk of having their internal business systems hacked and risk being sued by affected customers.
4. Business disruption due to poor unavailability of point-of-sale applications
Retailers not only want their business and customer data to be kept safe, but also expect that there will be no disruption to their business caused by cyberattacks or technical downtime with their point of sale applications. Retailers want to operate point of sale applications in a secure, reliable way, and prevent attacks before they even happen. For this to happen, the ideal point of sale application needs to not only boast strong POS security technology but also feature a reliable security monitoring and incident response service. This service should alert IT personnel- either in-house or outsourced to a third-party outsource- when there is a breach, and also monitor POS application-related activities, detect and flag up threats, and provide real-time responses to any problems.
Having a reliable POS security monitoring and incident response service in place help POS providers to assure their retailer customers, and give them a peace of mind as they process countless of data transactions via point-of-sale applications.
If you are a provider and operator of POS application, you want to pay attention to these four common security issues affecting point-of-sale applications. If you make sure that each of them is covered, then you can rest assured that your POS application is secure, and you putting yourself at unnecessary risk of cyberattacks.
To find out how we helped O2, a large Telco, build and operate a secure large-scale mobile POS system which became the fastest selling and most used POS system in the Czech Republic, read our customer success story. Alternatively, get in touch with us directly to request a FREE Demo of our POS system management solution and learn how it can help you manage your POS system more effectively and reduce unnecessary support overheads.
Most Recent Articles
- Creative Dock, TeskaLabs, Indermedica, Czech Ministry of Industry and Trade and Line 1212 launch the indicative test for new COVID-19 coronavirus
- Cyber-health with a password and an antivirus program is not enough
- TeskaLabs at the ETSI 1st C-V2X Plugtest
- TeskaLabs has become a leader of Mobile Healthcare applications in the Health (in) Future Platform
- TeskaLabs at the ETSI 7th CMS Plugtest validating C-ITS security
You Might Be Interested in Reading These Articles
Apple will want to dominate the market for TV apps. To achieve this objective, it’s understandable that Apple makes it easy for app developers to create apps and games for the Apple TV platform using tvOS and profit from them just as they have already done so for the iPhone and iPad devices. Developers can leverage similar frameworks and technologies since tvOS is just a modified version of the iOS. They can even retrofit the apps that were previously developed for iOS to support the Apple TV’s tvOS.
Published on June 29, 2016
Researchers from the University of California, Riverside, and the U.S. Army Research Laboratory have found an off-path TCP vulnerability  that affects more than 80% of Android mobile devices. Unlike a Man-in-The-Middle attack, you don't need to be in the middle of the communication to get hacked - all attackers need to know is who you communicate with.
Published on October 11, 2016
Mobility has always been at the cutting edge of human innovation and technological advancement. This is unlikely to change in the foreseeable future. Already, mobility as we know it is seeing significant disruption thanks to the entry of nontraditional players who are leveraging the power of computing devices and the Internet. But few things are likely to have a bigger impact on mobility than the enormous volumes of data that will be generated as a result.
Published on February 10, 2019