Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Report on POS risks in retail environments

McAfee : 09 April, 2013  (Technical Article)
A report from McAfee examines the growing risk of security and privacy with modern point of sale systems in the retail industry

McAfee has released Retail Reputations: A Risky Business, a report on the growing risks the industry is facing with both legacy and newer point of sale systems (POS). The report discusses how the retailing industry’s reliance on third parties for service and support is creating security vulnerability and privacy issues. Today’s advanced security threats mean that a retailer needs to be more than just PCI DSS compliant in order to protect customer information beyond credit cardholder data.

“The industry is very fragmented with a large base of smaller merchants utilising secondary market or used point of sale systems,” said Kim Singletary, director of retail solutions marketing at McAfee. “Merchants who do not have a broader security and privacy focus are leaving themselves vulnerable to susceptible systems and processes. If security, compliance and privacy adherence were more transparent to consumers, then retailers could look at these things as business differentiators rather than obligations.”

System integrators in the retail industry are being asked to be certified by the PCI Council as a key component to the technology and service supply chain to resolve the inconsistent attention to security and vulnerable configuration issues that could lead to security compromise. Retailers need to be concerned with how they evolve customer engagement and ensure their security strategy and plans address the growing threat landscape. Securing POS systems from basic system functions to newer applications that utilise customer information is essential to protecting the retailer’s brand and reputation.

The McAfee report reveals that POS systems are updated too infrequently, creating vast windows of opportunities for criminals to find and exploit vulnerabilities. Once a new vulnerability is located, businesses using the same types of systems can be easily identified and targeted for attack. The vulnerabilities with POS systems that are not regularly updated increase the likelihood that consumers’ cardholder and personal data is at risk.

“Retailers have worked hard not to store cardholder data, however, they still maintain a great deal of specific proprietary customer data on their networks that are a potential treasure trove for criminals and identity thieves,” said Greg Buzek, founder and president of IHL Consulting Group.  “When a security breach occurs, retailers are at risk of losing their customers’ trust and business.”

The report calls attention to the need for retailers to invest in protecting consumers’ information. McAfee recommends retailers implement higher levels of security to defend against advanced security threats such as:

* application whitelisting,
* point of sale integrity control and
* hardware-enhanced security.

The report also recommends retailers use orchestrated security management solutions for POS systems to reduce the burden of distributed system security monitoring and policy management.

Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo