BankThink

Regaining Consumer Trust Post-Breach Starts at the Point of Sale

After a number of high-profile security breaches in the past couple of years, consumer trust in the payments system is more fragile than ever.

Point of sale (POS) providers bear much of the responsibility for restoring that trust. POS security is vital to the success of your business.

The series of breaches has revealed a number of lessons about what caused the events and what should be done to prevent them.

Retailers rely on POS vendors to keep customer information secure. In reporting their security breaches to customers, restaurants and retailers alike speak of compromised POS systems. Barnes & Noble, Home Depot, Target, PF Chang’s, Michaels, and Jimmy John’s each had POS systems that were infected by malware of some sort. In none of those cases did employee neglect or corruption lead to the theft of customer information.

These retailers relied on their POS vendors to keep the customer information secure. When the POS system failed to do so, the retailer paid the price. Target reported their breach as costing upwards of $148 million. By the time they fixed the breach, addressed customer complaints, provided ID protection, and dealt with the bad publicity, stocks took a hit, too. Those numbers don’t yet reflect consumers who chose to shop elsewhere for fear of having their information compromised.

Attacks have multiple access points. In the Home Depot breach, the malware targeted the self-checkout terminals. Gas stations around the United States also report crooks tampering with the self-pay terminals at gas pumps. The Jimmy John’s breach, on the other hand, was the result of someone stealing log-in credentials from the POS vendor and accessing information remotely.

According to Trend Micro, POS malware has three primary access points. So even if a retailer diligently watches the physical processing terminal, security is not guaranteed. The three access points are: servers, the network, and the credit card processing machine itself. Each access point must be secure to keep hackers at bay.

Operating systems, servers, and updates matter. Despite Microsoft’s best attempts, Windows operating systems continue to be more vulnerable to malware than iOS. Security updates that must be downloaded give hackers another opportunity to infect POS systems with a virus or malware, simply by disguising it as a system update. Bindo’s white paper on POS security goes into more detail on the benefits of Apple’s iOS.

US security requirements lag behind European security measures. Cards that have an embedded microprocessor (chip) rather than a magnetic stripe prove to be more secure overall. This EMV standard has been the norm in Europe, and credit card fraud has noticeably declined. This Chip and PIN approach will become mandatory in the US in 2015, protecting consumers, retailers, and banks from fraudulent activities.

David Bozin is vice president of growth development at Bindo.
