Connect with us

Hi, what are you looking for?



Retailers Challenged by Mobility, Securing POS Systems

McAfee and global research and advisory firm IHL Group released a report examining how retailers are reacting to the challenges of managing and protecting store systems.

McAfee and global research and advisory firm IHL Group released a report examining how retailers are reacting to the challenges of managing and protecting store systems.

“The retail storefront has gone through many changes over the last decade, but one thing that hasn’t changed is that customers are looking for a seamless and positive shopping experience,” said Greg Buzek, President at IHL Group, in a statement. “Customers want to be able to buy, fulfill and return anywhere. When done right, the introduction of mobile devices within the store can help enhance the customer experience but comes with expanded risks.”

These changes have caused two significant events to occur – the increased sharing of information between different types of devices, and the need to be able to share information wirelessly within the store, according to the report. Complicating matters is the growing sophistication of criminals looking to compromise retailer systems and complying with requirements of the PCI DSS standard.

In February of 2013, IHL Group surveyed a group of 66 executives in the retail and hospitality industries in North America.  Among Tier I retailers, there were an equal percentage (38 percent) using a whitelisting approach as opposed to antivirus to protect their point-of-sale (POS) systems.

“When we look further into those over $5 billion in revenue, the difference between the two approaches widens significantly with 47 percent choosing a whitelist strategy compared to 26 percent selecting the antivirus strategy, a difference approaching 2x,” according to the report. “This data clearly suggests an ongoing strategy change around securing POS systems. When we consider the drivers section…and then consider the key benefits of whitelisting, we see a strong correlation between security concerns and strategies for addressing those concerns.”

“No survey respondents below $250 million in revenue noted the use of whitelisting, though two-thirds utilized antivirus/anti-malware software to secure their POS systems,” the report added.

The study also revealed that retailers understand PCI compliance, but struggle when the amount and variety of store systems increases to provide the necessary security and compliance management. On average only 22 percent trust the POS system manufacturer to provide security, according to the report.

Advertisement. Scroll to continue reading.

“The retail storefront has undergone significant changes to deliver convenience and speed to the customer,” said Tom Moore, vice president of worldwide embedded sales at McAfee, in a statement. “Data breaches are not new to this industry, but the expanded footprint of systems like kiosks and digital signs to the mix is adding complexity to the environment. This research validates that the security concern is real and that retailers need to provide a secure experience for their customers.”

The report is available here

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...


Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...


Government agencies in the United States have made progress in the implementation of the DMARC standard in response to a Department of Homeland Security...