While cash was king for the majority of our nation’s history, credit cards have been growing in popularity since they first originated in the 1950s. Today, however, the population is carrying less cash. In a survey, 76% reported they keep less than $50 on hand at all times (if that). The convenience of credit cards has taken over and small businesses have had to adapt to retain customers. However, accepting credit cards as a business does carry significant risk. Point of sale— POS cyber attacks—have become a serious concern for business owners in all types of industries.
While business owners could certainly eliminate the risk of a POS cyber attack entirely by denying customer payment by credit card, it’s unlikely that they would have enough customer transactions to stay in business for long.
The majority of customers will opt for the quick convenience of a card-accepting business over a business that accepts cash only. Today, any business owner who intends to run a profitable business has to accept customer credit cards in order to ensure sales and in doing so, needs to consider and prepare for the extensive risk cyber risk they’re taking on.
What is a Point-of-Sale (POS) System?
A point-of-sale (POS) system is the location in which business employees complete their customers’ purchases (online or in-person). While these systems were once simply referred to as cash registers, they’re now credit card chip readers, electronic tablets, and even small attachments for smartphones.
The operating system which completes these transactions can also track inventory, store customer data, and hold additional necessary information under one, single database.
While these systems can make purchases and transactions seamless and simple for both business owners and customers, hackers are ready and waiting to launch POS cyber attacks to force data breaches so they can steal customer information.
Can POS Be Hacked & Who is at Risk?
While many business owners have become familiar with largely publicized cyber attacks, such as social engineering and ransomware, many are still wondering: What is a POS attack?
A POS system is still a computer and susceptible to cyber attacks. A POS malware attack enters through weak or damaged systems and memory scraping malware goes through the random-access memory (RAM) to locate credit card numbers, gift cards, and other types of data.
There are multiple types of malware intended for POS software, including:
- BlackPOS
- TreasureHunt
- NitlovePOS
- PoSeidon
- MalumPOS
In addition, employee theft can also be a significant risk to POS systems, including credit card theft and double swiping.
Double swiping is a type of theft in which the microchip on the credit card has already been “dipped” to complete the transaction and an employee swipes the magnetic strip through the store’s own computer system. This collects credit card information for reasons unrelated to payment and increases the risk of hackers accessing and stealing the information.
Does Outsourcing Payment Processing Reduce Exposure?
This is one of the most dangerous misconceptions that business owners who accept payments via credit card face. While outsourcing payment processing to a third-party can be a useful practice for many businesses, this does not eliminate the liability of POS cyber attacks, should the third-party fall victim.
Business owners will still be responsible for the breach of customer data and any potential PCI compliance fines, both of which can be extremely costly.
Protecting POS Systems & Reducing Risk
There’s a number of steps business owners can take to reduce their risk and protect their POS system from attacks.
- Screen all employees who will be operating the POS system and completing customer transactions thoroughly.
- Verify the credentials of any technician conducting maintenance on POS systems.
- Proactively obtain a Cyber Insurance policy.
A POS attack can cause significant financial damages to a company, organization, and especially small businesses. A cyber insurance policy provides protection against third-party liability claims that can arise following a breach of customer data.
Partnering with ProWriters: More Ways to Protect Your Clients
For more information on how to protect businesses from cyber attacks, download our FREE eBook, Ransomware: The Front Lines. Here, we’ll further discuss what makes these attacks so dangerous and what your clients can do to both protect themselves and recover, should they fall victim to an attack.
Have cyber-related questions? Contact a ProWriters expert today at (484) 321-2335.