Point-of-sale (PoS) systems are the common sources for skimming vital credit card information of the consumers at retail outlets. When I say retail outlets, it covers all the franchise businesses from car rentals to any and all chain retail merchandise stores. The security risk increases multi-fold when the PoS systems are connected to computers in the retail locations. A small retail shop do not have the need to connect computers in the store to process credit card transactions or track inventory, however, larger retail chains have the need to deploy computers connected to the PoS systems in the stores.
PoS systems that are not networked with computers are vulnerable only to physical skimming devices attached to the PoS terminals. Other vulnerability in such isolated PoS terminals is to tap into the data network either dial-up phone lines or ethernet. These physical hacking techniques do not favor the risk versus reward equation for the hackers. So, in general, isolated PoS systems are lesser hacking targets and are less vulnerable to hacking than those juicy computer networked PoS systems of larger retailers.
Computer networked PoS systems are deployed to manage store inventory, gather sales analytics and reporting. Such systems are integrated to the federated data management systems in the corporate data-centers. This makes the PoS systems, and even the entire corporate network, vulnerable to hacking through the compromised computers in the PoS network. This opens up the possibility of potential hacking targets to hundreds of thousands of computers across hundreds of thousands of locations.
Even though most PoS systems data transmissions are encrypted, most retail networks are still plain text telecom and use of encrypted network connections are limited. Even though PoS systems data transmissions are encrypted, all it takes are microseconds by hackers to grab critical credit card information from the PoS systems before it is transmitted. Hackers just have to succeed just onetime in hacking into one of the computers in the PoS network to skim hundreds of thousands of credit card information. So, the security of computers and networks in the retail outlets are as important as corporate networks.
The protection of the computers, desktops and servers, in the retail locations that are integrated to PoS systems depends on several aspects of network and infrastructure management at the stores. How are the store networks deployed, managed and supported How are the PoS applications on those servers deployed, patched and synchronized with the up-to-date releases Are all store networks integrated and encrypted Can cyber security tasks at the stores be performed easily, executed regularly or even automated These problems can be solved if retail chains look beyond the traditional networking and infrastructure solutions currently utilized at retail outlets.
FREE IEEE PAPER