GBAF Logo
PROTECTING AGAINST CREDIT CARD DATA THEFT – SECURING POINT OF SALE SYSTEMS IS CRITICAL - Finance news and analysis from Global Banking & Finance Review
Finance

PROTECTING AGAINST CREDIT CARD DATA THEFT – SECURING POINT OF SALE SYSTEMS IS CRITICAL

Published by Gbaf News

Posted on August 12, 2014

3 min read

· Last updated: April 16, 2020

Add as preferred source on Google
fintech Digital banking security Finance

Author: Lucas Zaichkowsky, Enterprise Defense Architect at AccessData

The Widespread Threat of Card Data Theft

Card data theft is a rampant problem. Each year, thousands of businesses are hacked over the Internet by criminals stealing credit cards processed through inadequately protected Point of Sale (POS) systems. With millions of potential victims connected to the Internet and little chance of prosecuting offenders, there is no end in sight to this issue.

Lucas Zaichkowsky

Lucas Zaichkowsky

Vulnerabilities in Modern Payment Systems

Credit card data can be very easily stolen even from modern payment systems thought to be secure. I’d like to share advice based on payment card breaches of all sizes and sophistication I’ve observed over the years.

Unique Risks Facing Small and Medium Businesses

Small and Medium Businesses

Educating POS Dealers Improves Security

The most effective action is educating local point of sale (POS) dealers that sell and maintain equipment for merchants.

  •  The most common way small businesses get breached is through remote desktop software with weak security. For remote access and support, use solutions that support two-factor authentication such as sending a one-time PIN (OTP) to a mobile phone to complete the login process.
  •  Filter Internet traffic from POS systems. Checking email and Facebook accounts from the same systems used to accept credit cards is a bad idea.
  •  Invest in encrypting card readers supported by your credit card processor. These readers should support magstripe, EMV chips, and manually keyed in card numbers. Not only are these solutions secure, the benefits of PCI scope reduction offered by these solutions will more than pay for the cost of hardware.

Large Businesses

  •  Follow the same advice offered to small businesses to avoid being the victim of opportunistic attackers.
  •  Know your network in relation to the flow of cardholder data. Maintain a keen eye towards protecting the card data environment (CDE) from the rest of your network. Your business network will likely be traversed by attackers as they manoeuver past all layers of defences, finding ways to pivot into your card data environment.
  •  Know your enemy and don’t underestimate them. Articles covering breaches tend to focus on one point of failure, creating an illusion that these incidents could have easily been prevented. Unfortunately, it’s not that simple. The attackers targeting large victims are highly skilled and capable of circumventing all layers of defence.
  •  Spend energy identifying and investigating attacks in progress. By seeking out attacker behaviours and their tools, you stand a much better chance of putting a stop to it before major damage is done.
  •  Obtain executive support to harden systems. Removing local admin rights from your users is a battle especially worth fighting. By having a risk discussion leveraging reputable data sources such as breach reports by incident response companies, your executive team will be much more likely to support a lockdown to avoid being the next headline.

Key Takeaways

  • Educate POS dealers and secure remote access with two‑factor authentication.
  • Isolate and monitor cardholder data environments to detect and stop attacks early.
  • Use point‑to‑point encryption and EMV‑capable readers to reduce PCI scope.
  • Limit local admin rights and gain executive support for system hardening.

References

Frequently Asked Questions

Why is POS security critical for preventing data breaches?
POS systems handle sensitive cardholder data and are prime targets for attackers using malware or man‑in‑the‑middle tactics, so multilayered protection is essential.
How does point‑to‑point encryption (P2PE) help protect card data?
P2PE encrypts card data from the reader through to the processor, making intercepted data unreadable and reducing PCI scope.
What are common vulnerabilities in small business POS setups?
Using remote desktop tools with weak security and mixing POS with general Internet use (email, social media) expose systems to credential theft and malware.
Why is executive support important for POS security?
Strong leadership backing helps enforce restrictive measures like removing local admin rights and investing in security tools.
What proactive steps can large businesses take to defend their Card Data Environment?
They should monitor attacker behavior, segment the network, and act quickly on threat detection to prevent lateral movement into the CDE.

Tags

Related Articles

Image for WHO reports six confirmed hantavirus cases tied to Spain-bound cruise

WHO reports six confirmed hantavirus cases tied to Spain-bound cruise

Image for Russia holds scaled-back WW2 victory parade as worries over war in Ukraine deepen

Russia holds scaled-back WW2 victory parade as worries over war in Ukraine deepen

Image for Colombia urges Glencore to discuss Cerrejon coal mine closure with local authorities

Colombia urges Glencore to discuss Cerrejon coal mine closure with local authorities

Image for India orders antitrust probe into liquor giant Pernod's dealing with retailers

India orders antitrust probe into liquor giant Pernod's dealing with retailers

Image for Apple, Intel have reached preliminary chip-making deal, WSJ reports

Apple, Intel have reached preliminary chip-making deal, WSJ reports

Image for Analysis-A divided kingdom: pro-independence parties surge across Britain

Analysis-A divided kingdom: pro-independence parties surge across Britain

More from Finance

Explore more articles in the Finance category

Image for UK PM Starmer names former PM Gordon Brown as special envoy on global finance
UK PM Starmer names former PM Gordon Brown as special envoy on global finance
Image for US says it will revert to higher tariffs on EU goods if Brussels misses July 4 deadline
US says it will revert to higher tariffs on EU goods if Brussels misses July 4 deadline
Image for UK watchdog says car finance legal challenge hearing unlikely before October
UK watchdog says car finance legal challenge hearing unlikely before October
Image for Denmark's coalition talks break down in setback for prime minister Frederiksen
Denmark's coalition talks break down in setback for prime minister Frederiksen
Image for Bank of England's Bailey sees 'wrestle' with US on stablecoin regulation
Bank of England's Bailey sees 'wrestle' with US on stablecoin regulation
Image for Recognition for Fastest Growing Wealth Management Software Solution Provider 2026
Recognition for Fastest Growing Wealth Management Software Solution Provider 2026
Image for Fastest Growing Virtual Office Assistant Outsourcing Company 2026—Call for Entries
Fastest Growing Virtual Office Assistant Outsourcing Company 2026—Call for Entries
Image for Recognition for Fastest Growing Supply Chain Finance Technology Provider 2026
Recognition for Fastest Growing Supply Chain Finance Technology Provider 2026
Image for Fastest Growing Trade Finance Technology Provider 2026—Nominations Open
Fastest Growing Trade Finance Technology Provider 2026—Nominations Open
Image for Submit Your Nominations for Fastest Growing RPA Technology Provider 2026
Submit Your Nominations for Fastest Growing RPA Technology Provider 2026
Image for Fastest Growing Payment Solution Provider 2026—Apply Now
Fastest Growing Payment Solution Provider 2026—Apply Now
Image for Factbox-What to know about Tristan da Cunha, the island with a suspected hantavirus case
Factbox-What to know about Tristan da Cunha, the island with a suspected hantavirus case
View All Finance Posts