WASHINGTON – The Department of Homeland Security's United States Computer Emergency Readiness Team (US-CERT) recently issued an alert on point-of-sale (POS) malware, TA14-002A, entitled “Malware Targeting Point of Sale Systems.”
The alert comes less than one month after Target suffered a massive security breach of its point-of-sale systems over the holiday shopping period.
“For quite some time, cyber criminals have been targeting consumer data entered in POS systems,” the alert states. “In some circumstances, criminals attach a physical device to the POS system to collect card data ... In other cases, cyber criminals deliver malware which acquires card data as it passes through a POS system, eventually exfiltrating the desired data back to the criminal.”
To thwart such attempts, the alert recommends the following best practices:
- Use Strong Passwords: Change passwords regularly, using unique account names and complex passwords.
- Update POS Software Applications: POS systems are vulnerable to malware attacks when required updates are not downloaded and installed on a timely basis.
- Install a Firewall: Firewalls should be utilized to protect POS systems from outside attacks.
- Use Antivirus: Antivirus programs attempt to restrict malware’s access to POS systems.
- Restrict Access to Internet: POS systems should be used online only to conduct POS-related activities and not for general Internet use.
- Disallow Remote Access: To prevent unauthorized access, disallow remote access to the POS network at all times.
Additional resources for retailers are available through the NACS/PCATS “We Care” program, including the NACS/PCATS We Care Data Security Program Overview that offers solutions for securing POS systems through an 8-point data security plan. Following the 8-point plan can greatly reduce data breaches at retail locations.