Protect your retail business and customers against PoS malware this festive season
18 December 2014
Alert Priority: Moderate
As the 2014 festive season continues and post-Christmas sales draw nearer, retailers need to protect themselves and their customers against malware targeting Point of Sale (PoS) systems.
PoS systems capture and process credit and debit card information when consumers purchase goods and services from retailers. PoS malware aims to steal this information – comprising details such as the card number, expiry date and cardholder’s name – as it is entered into PoS systems. Criminals sell the information or retain it to create fraudulent credit and debit cards, which can be used to make purchases or empty consumers’ accounts.
More sophisticated PoS malware can target retailers themselves by introducing falsified data or by accessing other critical systems on the same network.
We recommend that retailers ensure their PoS terminals and systems are secure and that all software, including antivirus products, is up to date. Where possible, PoS computers should only be connected to required services.
Researchers believe common malware can be delivered to PoS systems through phishing emails or by taking advantage of default credentials to access systems remotely. There are many types of PoS malware and recent media reports indicate versions are being sold on online forums frequented by malicious individuals. Illegally obtained card details themselves are being sold from similar locations.
Stay Smart Online has more information on PoS malware.
The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.
This information has been prepared by Enex TestLab for the Department of Communications ('the Department'). It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.