Retail risk through POS systems

September 2013 Information Security, Retail (Industry)

McAfee has released ‘Retail Reputations: A Risky Business’, a report on the growing risks the industry is facing with both legacy and newer point-of-sale systems (POS). The report discusses how the retailing industry’s reliance on third parties for service and support is creating security vulnerability and privacy issues. Today’s advanced security threats mean that a retailer needs to be more than just PCI DSS compliant in order to protect customer information beyond credit cardholder data.

“The industry is very fragmented with a large base of smaller merchants using secondary market or used point-of-sale systems,” said Kim Singletary, director of retail solutions marketing at McAfee. “Merchants who do not have a broader security and privacy focus are leaving themselves vulnerable to susceptible systems and processes. If security, compliance and privacy adherence were more transparent to consumers, then retailers could look at these things as business differentiators rather than obligations.”

System integrators in the retail industry are being asked to be certified by the PCI Council as a key component to the technology and service supply chain to resolve the inconsistent attention to security and vulnerable configuration issues that could lead to security compromise. Retailers need to be concerned with how they evolve customer engagement and ensure their security strategy and plans address the growing threat landscape. Securing POS systems from basic system functions to newer applications that use customer information is essential to protecting the retailer’s brand and reputation.

The McAfee report reveals that POS systems are updated too infrequently, creating vast windows of opportunities for criminals to find and exploit vulnerabilities. Once a new vulnerability is located, businesses using the same types of systems can be easily identified and targeted for attack. The vulnerabilities with POS systems that are not regularly updated increase the likelihood that consumers’ cardholder and personal data is at risk.

“Retailers have worked hard not to store cardholder data, however, they still maintain a great deal of specific proprietary customer data on their networks that are a potential treasure trove for criminals and identity thieves,” said Greg Buzek, founder and president of IHL Consulting Group. “When a security breach occurs, retailers are at risk of losing their customers’ trust and business.”

The report calls attention to the need for retailers to invest in protecting consumers’ information. McAfee recommends retailers implement higher levels of security to defend against advanced security threats such as:

* Application whitelisting,

* Point-of-sale integrity control, and

* Hardware-enhanced security.

The report also recommends retailers use orchestrated security management solutions for POS systems to reduce the burden of distributed system security monitoring and policy management.

For more information contact McAfee, +27 (0)11 707 5500, craig_hockley@mcafee.com, www.mcafee.com





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Reinforcing cyber defences in a world of evolving threats
Sophos Information Security
[Sponsored Content] In South Africa, the urgency to amplify cybersecurity measures is underscored by alarming statistics revealing the continued vulnerability of organisations to ransomware and other sophisticated cyberattacks.

Read more...
Trellix detects collaboration by cybercriminals and nation states
News & Events Information Security
Trellix has released The CyberThreat Report: November 2023 from its Advanced Research Centre, highlighting new programming languages in malware development, adoption of malicious GenAI, and acceleration of geopolitical threat activity.

Read more...
SA enterprises can benefit from AI-driven cybersecurity
AI & Data Analytics Information Security
Cybercrime is big business, and threat actors deploy cutting-edge tools to carry out attacks. Fortunately, cybersecurity is constantly evolving to meet and counter the threats they face.

Read more...
Cyber threat anticipation
NEC XON Information Security Risk Management & Resilience
The ever-increasing number of sophisticated attacks on the horizon means organisations must evolve and adapt their cybersecurity strategies to protect their data, systems, and reputation.

Read more...
Africa Online Safety Fund announces grant winners
News & Events Information Security
The Africa Online Safety Fund (AOSF) has announced the winners of this year’s grants; among them are five organisations operating in South Africa to educate people about online risks.

Read more...
Gigamon announces the availability of its new Precryption technology
Information Security Risk Management & Resilience
Powerful technology captures packets inside the Linux kernel, bringing plaintext visibility to encrypted traffic to eliminate the most significant security blind spot across virtual, cloud, and container applications.

Read more...
Harnessing the power of quantitative risk assessment
Information Security Risk Management & Resilience
In an era where digital threats loom larger than ever, businesses need to pivot from merely defending against cyberattacks to building an infrastructure that can absorb and adapt to them.

Read more...
Majority of South African companies concerned about cloud security
Information Security Infrastructure
Global and local businesses share a common concern when it comes to cloud security. 95% of global businesses and 89% of local businesses are concerned about the security of public clouds.

Read more...
Lowering the barriers to migration
Symbiosys IT Information Security
Many businesses struggle with the complexities of user and data migration. It can be a daunting process, and it is often initially difficult to perceive a tangible return on investment.

Read more...
Strategies to address insider threats
Information Security
According to the 2022 Ponemon Cost of Insider Threats Global Report, incidents of insider threats have increased by 44% in the last two years and now account for 22% of all data breaches.

Read more...