THE IT SECURITY PROFESSIONAL
Barlowtek
Helping Organizations Understand IT Security & Best Practices
Preventing an Attack

Point-of-Sale solutions are being utilized in ever-increasing numbers. This is even more so during this holiday season, as more and more companies see the benefit of using these devices. Mobile POS solutions are making their way into different industry segments such as retail and hospitality. This is especially true of the hospitality industry, as more and more organizations embrace the ability to have mobile solutions for their customers to run their credit card transactions through. Here are a few of the steps that may be taken to secure your POS systems from a potential attack:
Development of secured firmware should be the focus of POS solution providers. Designing processes and systems that check the firmware for any deviation from what was previously installed or downloaded is one way that businesses will be able to secure the application that actually runs on the mobile device. Additional hardware checks should also be made that prevent any change to the interaction between the hardware and the firmware that is installed on it. This prevents the manipulation of the software and changes to the parameters of the coding process. These are areas to discuss with any POS solution provider, and they should be an integral part of your security posture. The software that is deployed on the hardware solution should also support the capabilities and reinforce the overall security processes that are utilized. Hardware and firmware should work in conjunction to secure the POS device from potential compromise (either of the hardware or of alteration to the firmware itself). This layered security approach provides a robust response to potential threats.

EMV No Longer Cuts It

The slow rate of adoption of the EMV smart card payment standard (A.K.A. chip and PIN) in the U.S. is one of the primary drivers for the repeated attacks on U.S. retailers. EMV requires a significant investment for companies to implement, and will not improve security for card-not-present transactions such as online or mobile purchases. As a result, chip and PIN alone will not be enough to protect retailers or merchants in the future. Businesses should focus on developing technologies and processes (such as end-to-end encryption and two-factor authentication) that would enable secure payment methods and protect consumers from evolving threats now and in the future. Additional control technologies and systems will need to be adopted on a larger scale in order to protect consumers who use POS solutions.
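The firmware deviation check described under "Preventing an Attack", as an added example that is not part of the original post or any vendor's code: it records an authenticated baseline at install time and later reports why an image no longer matches it, going one step beyond the text by also rejecting version rollback. The key, the function names and the sample image are constructed for illustration, and the HMAC stands in for a vendor signature anchored in hardware.

```python
import hashlib
import hmac
import json

# Constructed provisioning key; on a real terminal this would sit in a secure
# element, and a vendor signature would normally replace the HMAC used here.
DEVICE_KEY = b"constructed-demo-key-not-for-production"


def make_manifest(image: bytes, version: int, key: bytes = DEVICE_KEY) -> dict:
    """Record the known-good state of a firmware image at install time."""
    body = {"version": version, "sha256": hashlib.sha256(image).hexdigest()}
    payload = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def check_firmware(image: bytes, manifest: dict, installed_version: int,
                   key: bytes = DEVICE_KEY) -> str:
    """Return 'ok' or the reason the image deviates from the baseline."""
    try:
        body, tag = manifest["body"], str(manifest["tag"])
        payload = json.dumps(body, sort_keys=True).encode()
        version, expected = int(body["version"]), str(body["sha256"])
    except (KeyError, TypeError, ValueError):
        return "manifest-malformed"
    # Authenticate the baseline first; otherwise whoever altered the firmware
    # could simply rewrite the recorded hash as well.
    good_tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(good_tag.encode(), tag.encode()):
        return "manifest-tampered"
    if version < installed_version:
        return "rollback"
    actual = hashlib.sha256(image).hexdigest()
    if not hmac.compare_digest(actual.encode(), expected.encode()):
        return "image-modified"
    return "ok"


if __name__ == "__main__":
    firmware = b"\x7fPOSFW" + bytes(range(64))         # constructed sample image
    baseline = make_manifest(firmware, version=7)
    patched = firmware[:10] + b"\x00" + firmware[11:]  # one byte altered
    print(check_firmware(firmware, baseline, installed_version=7))
    print(check_firmware(patched, baseline, installed_version=7))
```
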
Multi-factor Authentication (MFA) has proven to be a viable addition to controls that are currently in place. Having additional steps put into place prior to processing a payment allows for further verification of the user. In addition, the combination of biometrics and MFA has shown great promise, but providers are slow to adopt it due to the cost of implementing the process and the hardware that is needed to support it.

Mobile Solution Adoption
While mobile solutions have the promise of solving most of the security issues that have been outlined in this blog, the actual adoption and use of those technologies has not panned out as expected. With the use of Apple Pay or Samsung Pay, most retailers and merchants have either opted for a specialized service or support the method that is used by the hardware device that they have adopted as their POS solution. While a large number of solution providers use the Near-Field Communication (NFC) capabilities of the customer's mobile device in order to provide the interaction for the processing of credit card data, not all mobile devices support this feature. This leaves the contactless adoption rate lacking. In order to get more merchants to adopt this technology, it has to provide more security than is currently provided by other solutions that just require the EMV chip.

Summary

With the growing number of breaches happening through the compromise of a POS solution, it is imperative that solution providers take the necessary steps to protect the end consumer. Customers are demanding more security from the organizations that process their credit card payments. Whether it is the security on the back-end of the process or the interaction with the device itself, the credit card payments industry has to do more to protect sensitive data. Regulatory requirements are being implemented and mandated by governmental agencies at an ever-increasing rate. While these laws provide the drive for the adoption of these controls, the slow adoption rate by the end consumer has led to a hole in protections that attackers are taking advantage of to breach accounts. Businesses will either demand stronger controls from their POS solution providers, or face additional penalties for not implementing the controls and greater overall legal liability. The solution is simple: demand more security and implement it across the board with all POS solutions. That is easier said than done.
IT Security Pro

Securing the future one byte at a time! Mr. Barlow is here, staying ahead of the curve in Information Security Leadership. Ready to help your company stay safe and secure.