Attacks are multiplying against Point-of-Sale (POS) systems. Hackers view this payment system as easy targets. The reason behind is that POS systems have relatively old security protocols.
Shifting towards EMV Technology
In the wake of POS systems hacking, large retailers such as Target, Wal-Mart and Home Depot have hurried to upgrade their existing POS systems by integrating Europay, MasterCard and Visa (EMV) chip cards to thwart payment fraud. Nevertheless, adopting EMV technology is problematic for a majority of small retailers. The latter have been using outdated POS systems that cannot even accept chip cards. As such, these systems cannot be updated and reinforced. According to a survey carried out by Boston Retail Partners, only 22% of retailers have adopted EMV technology. Within one year, another 53% should be following this trend.
Retailers, especially small ones, do not always regard the security of back-end systems as a top priority. The reasons are that many of these systems are still running outdated operating systems with notorious loopholes such as Windows XP, payment card information are not deleted at acceptable intervals, firewalls are not supported and credit cards information as well as access to network are not rigorously controlled. In brief, small retailers are much more preoccupied with business matters than anything else.
Many also think that hackers rhyme with online security but this is not necessarily true. A frustrated employee might infect his employer’s security system with malware by using a USB drive. Also, many retailers have temporary staff to manage their security systems, which may place the business at higher risk. Retailers need to ensure that only authorized staff has access to security back-ends. Before buying any security system, merchants must do their own research about issues rather than trusting the seller’s words. In countries such as Brazil and China, many POS systems are infected with malware even before they are sold.
The need for a comprehensive solution
Back-end systems and database systems should not be managed separately. Both form part of an interconnected structure requiring a holistic approach to find proper solutions to prevent payment frauds. It is recommended that companies reinforce the armada of staff managing the security system because one of the principal moves might be in spotting underlying gaps in the security system as a whole.
Related articles published in EMV and Smart Payment Cards :
- EMV conversion: Neither security nor convenience sacrificed
- Chip Cards: A semi-satisfactory first birthday
- Mobile POS Market Expects 38% Boost by 2024, NFC Seen to Top the List