Rather than setting their sights on computers, cybercriminals are increasingly targeting point of sale systems to steal valuable customer information. With attacks against in-store systems growing, the payment industry is fighting back. The Payment Card Industry Security Standards Council (PCI SSC) recently overhauled its guidance document to curb data breaches and security flaws in payment systems, according to a new document. Although the PCI SSC has updated its recommendation for payment system security, some IT professionals are questioning whether these methods are enough to stop cybercriminals from getting their hands - and servers - on customer data.
Recently, the PCI SCC unveiled version 3.0 of the Payment Card Industry Data Security Standards (PCI DSS), Mark Burnette, partner with LBMC Security & Risk Services, wrote in Help Net Security. The newest update focuses on testing to ensure systems are not vulnerable to outsider attacks. With greater risk management, companies may be able to prepare for hacking incidents before they happen.
PCI SSC warns that POS systems are vulnerable to hacking methods and other attacks - from malware infections to skimming cards to steal information. To combat against these tools and techniques, the organization said organizations should become aware about how cybercriminals steal information. Not only can hackers physically install skimmers to siphon information from payment cards, but they can also steal data from a wireless infrastructure and near field communication readers.
Updating Systems for Compliance
Although the guidelines for PCI compliance went into effect on Jan. 1 of this year, companies will be able to ready themselves for a year before the standards are enforced.
With the variety of hacking methods that could exploit vulnerabilities in POS systems, companies may have a difficult time complying with the new standards in preparation for all of these types of attacks. Concerns surrounding payment systems are retailers have grown after the data breaches were revealed at Target last year and the more recent breach at Home Depot.
Although companies may be compliant with security standards set by PCI, there is the risk that cybercriminals will have infiltrated POS systems to infect terminals with malware or other hacking tools without firms knowing for months - enough time for thieves to put customer information for sale on black markets that are later used for identity theft purposes.
While the danger of cybertheft has increased, companies should ensure they are maintaining their systems and updating their technology as often as they need to. Although the cost of switching to new technology is huge, not spending the money and dealing the widespread financial impact of a data breach will be even more costly.