Bit9

Enterprise Application Whitelisting

Not locking down POS terminals should be a crime

Posted by Mario Vuksan on Fri, Jul 18, 2008

Every other week, unchecked POS systems end up costing organizations dearly. Credit card numbers from only one of Dave & Buster's restaurants rang up as much as $600,000 in unauthorized charges. The culprit was unauthorized network sniffing software. This sounds very similar to the Hannaford Brothers scenario. How much of card members' money needs to be spilled before users of POS systems realize that their devices are not meant for surfing the internet and playing games? Rather, they should be machines whose configuration is locked down.

Even more so, Peter Tippett, VP at Verizon Business, claims that 45% of all breaches have a POS element. He would know, as Verizon Business is the exclusive forensics investigator for the credit card industry when these breaches happen.

Not to boast of our own successes, but everyone should look to what Marks & Spencer is doing in the UK. All POS systems need to be locked down with application whitelisting products like Bit9 Parity.

COMMENTS

It is a real threat to all POS transactions. I feel the POS users (merchants) are still not ready to log in repeatedly. I have proposed a timebound logout to many POS providers, but they also don't agree because of lack of time. Merchants want to do transactions more than security, and that allows the hackers, and they end up paying a lot of money due to fraud. I feel PCI should come up with some logout and login issue also.

posted @ Monday, July 21, 2008 11:31 PM by Kishalay


There definitely has to be a layered approach to protecting user data. End point lockdown has to be paired with transmission over a secured channel. Transmission should be encrypted (even though SSL is a very solid manner of protection), for those cases where the protocol, for whatever reason, switches into regular text mode. Similarly, maintaining a perpetual login is definitely not a good idea.

posted @ Tuesday, July 22, 2008 10:55 AM by Mario Vuksan

