Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

McAfee: Point of Sale Systems Putting Retailers at Risk

A new report from McAfee outlines the growing risks in the sales and commerce industry, due in part to the mix of legacy and newer Point of Sale (POS) systems, in addition to secondary market hardware. Overall, McAfee’s point is that businesses need to focus on more than just PCI DSS compliance.

A new report from McAfee outlines the growing risks in the sales and commerce industry, due in part to the mix of legacy and newer Point of Sale (POS) systems, in addition to secondary market hardware. Overall, McAfee’s point is that businesses need to focus on more than just PCI DSS compliance.

McAfee’s report points out that 38% of the systems used in the retail sector today are running DOS or a legacy version of Windows. POS systems that are updated too infrequently create vast windows of opportunities for criminals to find and exploit vulnerabilities, McAfee explained. So once a new vulnerability is located, businesses using the same types of systems are easily identified and attacked.

One would expect that systems vital to a retail operation would be updated and maintained, but IHL North American research shows that hardware updates, if they’re done at all, only occur every 10 years or so. Even then, many retailers often upgrade by purchasing off the secondary market, which puts them in the position of owning slightly used, newer outdated hardware.

“The industry is very fragmented with a large base of smaller merchants utilizing secondary market or used point of sale systems,” said Kim Singletary, director of retail solutions marketing at McAfee.

“Merchants who do not have a broader security and privacy focus are leaving themselves vulnerable to susceptible systems and processes. If security, compliance and privacy adherence were more transparent to consumers, then retailers could look at these things as business differentiators rather than obligations.”

Naturally, McAfee has a horse in the race here, as their suggestions are all focused on something that they, or their parent company Intel, can offer. Yet, other firms have tackled the secure POS for a while now, including Diebold, Citrix, even Oracle.

Still, McAfee’s suggestions; such as application whitelisting, POS integrity control and hardware-enhanced security, along with centralized management, are worth investigating. At the same time, it’s worth researching the best solution available for your organization, because smaller mom and pop retail operations cannot afford all that McAfee and Intel have to offer.

“Retailers have worked hard not to store cardholder data, however, they still maintain a great deal of specific proprietary customer data on their networks that are a potential treasure trove for criminals and identity thieves,” said Greg Buzek, founder and president of IHL Consulting Group.

A full copy of McAfee’s report is available here.  

Related Reading: New Malware Targeting POS Systems, ATMs Hits Major US Banks

Related Reading: vSkimmer Targets Payment Card Terminals Connected to Windows

Related Reading: Dexter Malware Targets POS Systems in Time for Holiday Rush

Written By

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Audits

Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...

Risk Management

A threat-based approach to security often focuses on a checklist to meet industry requirements but overlooked the key component of security: reducing risk.

Risk Management

CISA has published a report detailing the cybersecurity risks to the K-12 education system and recommendations on how to secure it.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem