POS Scams Business Owners Should Be Aware Of

    Traditionally, not carrying cash was a question of convenience or preference. However, for many individuals today, it is an issue of health and safety. Even physical point-of-sale (POS) transactions are becoming more digital and touchless.

    Hackers, cyber-criminals, and malevolent individuals are not blind to the surge in cashless POS transactions. Technologies such as near-field communication (NFC) and radio-frequency identification (RFID), which are generally used in cashless POS transactions, remain susceptible to data theft.

    In the post-Covid-19 cashless age, POS scams will become more widespread. Let's find out how POS scams work, how risks will evolve in the cashless future, and what you can do to prevent them.


    Why POS Scams Increase in the Cashless Era

    It's quite evident that POS scams are frequently not taken as seriously as they should be. This is largely due to the intense focus on cloud and mobile security.

    However, when a consumer uses a smartphone or another contactless payment method, the customer's credit card information is left exposed unless it is properly protected. More specifically, hackers target the firmware in POS terminals in order to steal credit cards and other payment data.

    The issue is that many retailers do not use point-to-point encryption (P2PE) to protect their POS data. Without P2PE, it is difficult to guarantee the security of payment data from the customer's smartphone to the backend payment processing systems.

    Regrettably, many shops rely entirely on transmission-level encryption for POS transactions, encrypting card data only during the transfer from the POS terminal to the payment processor. This widens the attack surface available to hackers, posing additional risk to businesses during times of crisis.

    What Is The Nature Of POS Scams

    The operating system in use is one of the most significant dangers to the security of POS systems. Numerous POS attacks succeed because retailers use older software platforms such as Linux or Windows XP. While the popularity of these is declining due to new systems such as Square and Bank of America's Clover, many businesses continue to struggle with backend operating systems.

    However, regardless of the backend technology used by retailers, maintaining the latest updates is crucial for POS data security. When original equipment manufacturers (OEMs) design and produce POS systems, they may not necessarily address every single cyber threat. As a result, installing and maintaining security updates is critical for preventing malware and other types of POS attacks.

    For instance, POS malware was recently used to compromise fuel dispenser POS systems at gas stations across the United States of America. Visa has already issued a warning to all gas stations, noting that the complexity of these malware attacks far exceeds that of previous credit and debit card skimming methods at gas stations.

    Compliance Frameworks for Fraud Prevention

    Debit transactions made via mobile wallets have increased by an incredible 76% compared to last year. And, as the volume of transactions increases, businesses should look to established compliance and security frameworks to ensure that the bulk of those transactions is free of POS scams and breaches.

    To start, retailers should take all reasonable steps to comply with the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS is an excellent starting point: it includes rules for POS systems and even supports the use of P2PE. With P2PE in place, cybercriminals will be unable to decrypt data even if they obtain access to the POS system.

    Additionally, merchants should adopt a "lockdown" strategy for their POS terminals, utilizing technology that whitelists authorized processors. If any non-whitelisted systems or software connect to the POS, the system instantly shuts down and locks down fully until the issue is fixed, preventing fraudulent transactions from being executed.
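
The lockdown behaviour described above can be modelled in a few lines. This is an added example, not code from any POS vendor or from the original article; the `Terminal` class, the processor host name, the IP address and the sample software images are all constructed assumptions.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed allowlists: hypothetical processor endpoint and approved binary.
ALLOWED_PEERS = {("processor.example", 443)}
ALLOWED_SOFTWARE = {hashlib.sha256(b"pos-app v1 (constructed sample)").hexdigest()}

@dataclass
class Terminal:
    locked: bool = False
    violations: list = field(default_factory=list)

    def observe_connection(self, host: str, port: int) -> None:
        """Check a new network peer against the processor allowlist."""
        peer = (host.lower().rstrip("."), port)
        if peer not in ALLOWED_PEERS:
            self._lock(f"peer {peer[0]}:{port}")

    def observe_software(self, image: bytes) -> None:
        """Check a program image by SHA-256; names and paths are not trusted."""
        digest = hashlib.sha256(image).hexdigest()
        if digest not in ALLOWED_SOFTWARE:
            self._lock(f"software sha256:{digest[:12]}")

    def _lock(self, reason: str) -> None:
        self.locked = True            # fail closed on the first violation
        self.violations.append(reason)

    def authorize(self, amount_cents: int) -> bool:
        """Refuse every transaction while the terminal is locked."""
        return not self.locked and amount_cents > 0

    def clear(self, resolved: set) -> bool:
        """Unlock only once every recorded violation is marked resolved."""
        self.violations = [v for v in self.violations if v not in resolved]
        self.locked = bool(self.violations)
        return not self.locked

def demo() -> list:
    t = Terminal()
    t.observe_connection("Processor.Example.", 443)  # allowlisted after normalising
    out = [t.authorize(1250)]                        # True: nothing unusual seen
    t.observe_software(b"unknown tool (constructed sample)")
    t.observe_connection("203.0.113.9", 8080)
    out.append(t.authorize(1250))                    # False: terminal is locked
    out.append(t.clear({t.violations[0]}))           # False: one issue remains
    out.append(t.clear(set(t.violations)))           # True: all issues resolved
    out.append(t.authorize(1250))                    # True: payments resume
    return out
```

The terminal stays locked while any recorded violation is unresolved, so fixing one issue out of two does not re-enable payments.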

    Whether in a retail store or restaurant, contactless payments will continue to grow in popularity until people regain confidence in physically touching and engaging with cash and credit/debit cards. Hackers are aware of this and are more likely than ever to target POS systems. Merchants may avoid this by being aware of POS vulnerabilities, anticipating how hackers would attempt to gain access, and implementing appropriate compliance and technological solutions.

    If you are a business owner looking to protect your site when accepting payments, check out Processing Card’s blog today for more information!