CONFERENCE Cyber AI & Automation Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

McAfee: Point of Sale Systems Putting Retailers at Risk

A new report from McAfee outlines the growing risks in the sales and commerce industry, due in part to the mix of legacy and newer Point of Sale (POS) systems, in addition to secondary market hardware. Overall, McAfee’s point is that businesses need to focus on more than just PCI DSS compliance.

A new report from McAfee outlines the growing risks in the sales and commerce industry, due in part to the mix of legacy and newer Point of Sale (POS) systems, in addition to secondary market hardware. Overall, McAfee’s point is that businesses need to focus on more than just PCI DSS compliance.

McAfee’s report points out that 38% of the systems used in the retail sector today are running DOS or a legacy version of Windows. POS systems that are updated too infrequently create vast windows of opportunities for criminals to find and exploit vulnerabilities, McAfee explained. So once a new vulnerability is located, businesses using the same types of systems are easily identified and attacked.

One would expect that systems vital to a retail operation would be updated and maintained, but IHL North American research shows that hardware updates, if they’re done at all, only occur every 10 years or so. Even then, many retailers often upgrade by purchasing off the secondary market, which puts them in the position of owning slightly used, newer outdated hardware.

“The industry is very fragmented with a large base of smaller merchants utilizing secondary market or used point of sale systems,” said Kim Singletary, director of retail solutions marketing at McAfee.

“Merchants who do not have a broader security and privacy focus are leaving themselves vulnerable to susceptible systems and processes. If security, compliance and privacy adherence were more transparent to consumers, then retailers could look at these things as business differentiators rather than obligations.”

Naturally, McAfee has a horse in the race here, as their suggestions are all focused on something that they, or their parent company Intel, can offer. Yet, other firms have tackled the secure POS for a while now, including Diebold, Citrix, even Oracle.

Still, McAfee’s suggestions; such as application whitelisting, POS integrity control and hardware-enhanced security, along with centralized management, are worth investigating. At the same time, it’s worth researching the best solution available for your organization, because smaller mom and pop retail operations cannot afford all that McAfee and Intel have to offer.

“Retailers have worked hard not to store cardholder data, however, they still maintain a great deal of specific proprietary customer data on their networks that are a potential treasure trove for criminals and identity thieves,” said Greg Buzek, founder and president of IHL Consulting Group.

Advertisement. Scroll to continue reading.

A full copy of McAfee’s report is available here.  

Related Reading: New Malware Targeting POS Systems, ATMs Hits Major US Banks

Related Reading: vSkimmer Targets Payment Card Terminals Connected to Windows

Related Reading: Dexter Malware Targets POS Systems in Time for Holiday Rush

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.