The advisory, titled Alert and Recommendations: Securing Merchant Card Payment Systems from the Risks of Remote Access, identifies common cyber exploitation threats and proposes tactics, techniques and procedures that retailers and payment service providers can use to help mitigate attacks. These methods, called TTPs, are straight out of the FS-ISAC, R-CISC and Secret Service playbooks.
The report's TTPs and security controls focus on four key vulnerabilities in POS systems:
Unauthorized access via remote access
Exploiting commercial application vulnerabilities
Email phishing
Unsafe web browsing from computer systems used to collect, process, store or transmit customer information
A front-page disclaimer positions the advisory as a general overview and point of reference. Its recommendations are meant to enhance but not replace the Payment Card Industry Data Security Standard and third-party vendors that help small merchants implement security controls and protect their processing environments.
Remote access controls
Cyber crime has evolved over the years into a highly sophisticated, multibillion-dollar industry. Attackers tend to be knowledgeable about their targets and use their knowledge and expertise to create elegant hacking tools that can be seamlessly integrated into payment processing environments. The growing popularity of customized POS systems has spawned equally popular customized malware designed to exploit databases and payment processing systems by using remote access tools.
One of the most popular methods that hackers use to get into proprietary systems is to target employees who have remote access to a company's virtual private network. Once the criminals have access to an employee's log-in, they can wreak havoc and steal sensitive data. "Implementing multifactor authentication on remote access devices reduces the risk of attackers gaining access to the network," the report stated, noting that these remote access platforms are frequently overlooked and vulnerable to attack.
Authentication, encryption, tokenization
The race is on in the United States for merchants to upgrade and implement Europay, MasterCard and Visa-compliant POS systems before the Oct. 1 liability shift. The report proposes that service providers bundle other security services with updated chip card readers to further reduce risks. These services may include end-to-end encryption, tokenization and physically attaching a handheld credit card processing unit to a secure platform.
The report indicated there are no shortcuts to maintaining a secure environment and recommended continual monitoring of the entire POS environment, including internal firewalls, Internet access, physical access and use of multifactor authentication. Implement multifactor authentication for the employees involved in managing the transactions of customer data and updating the applications protecting those transactions.
To learn more on point of sale software, call 1-888-895-3129 or visit http://www.credit-card-processing.com
Contact Info:
Name: Jim Johnston
Organization: Merchant Resources
Phone: 1-888-895-3129
Website: http://www.credit-card-processing.com
Release ID: 90849