Data breaches are becoming increasingly common in the retail industry. One of the biggest cyber security incidents of the last few years was when Target's point-of-sale systems were hacked in the fall and winter of 2013. According to CNN Money, more than 40 million customers' credit and debit card data was stolen from Target's databases – resulting in the company having to pay $10 million in damages (or up to $10,000 per impacted customer).
If this isn't enough of a reason for companies to want to protect their POS systems against attack, it's clear that data breaches are becoming more expensive. A study conducted by the Ponemon Institute and IBM in 2015 found that the expenses associated with a data breach in 2015 had increased by an astonishing 23 percent from numbers collected in 2013. Now, these kinds of security failures have an average consolidated cost of $3.8 million.
Reputation on the line
Companies like Target that experience a data breach don't just lose money in the short term when the incident goes public. They can sustain damage to their reputations, as well, which means a disgruntled customer base and, eventually, significant loss of revenue down the line.
According to USA Today, in the wake of the huge hack on Target POS systems, consulting group Kantar Retail found that customer traffic had reached a three-year low for the company. Kantar's analysis indicated that 33 percent of U.S. households had shopped at Target in January 2014, whereas 43 percent had done so in the same month of the previous year. So, beyond the $10 million in reparations that they company had to pay up front, the retailer also sustained losses to its bottom line due to a lack of trust from its customer base. This could mean bad news for the future of Target – but especially for smaller businesses that suffer similar attacks and aren't quite at the corporation status.
Target isn't the only one to have experienced a major security malfunction in the last few years. In fact, as recently as November 2015, Dark Reading reported that the POS systems of the hotel chain Hilton Worldwide had been invaded by malware that had stolen the names, card numbers, expiration dates and security codes of some of its customer base. The company didn't give the exact number as to how many customers had been affected by this breach, but it did indicate that hackers had access to its systems for at least 17 weeks.
Operation Black Atlas
Teams of hackers have set their sights on retailers using malicious programs and powerful botnets. Trend Micro researchers found in December 2015 that a hacker campaign called Operation Black Atlas was using a malware called BlackPOS to steal credit card data from retailers in the U.S. this past holiday season. BlackPOS, according to a different report from Trend Micro, is the most well-known POS malware family. Its source code has been posted online, so it's easier to use than some other options. Organizations within the health care and retail industries were both targets of this attack. It works by performing reconnaissance and gathering information from POS systems, and thus far, these criminals have stolen information for email and Facebook accounts for various users.
"The most interesting data we found was that of a live video feed of closed-circuit television (CCTV) cameras in a gasoline station," the Trend Micro researchers reported. "Either this is taking reconnaissance to another real-time level or the cyber criminals simply captured whatever information is available."
How to keep POS systems safe
The above examples are all good reasons for retailers, health care organizations and other companies that use POS systems to improve the security at their terminals both online and in brick-and-mortar stores. Online sales security is also worth mentioning here. Online retailers also need to worry about how they secure transactions that take place over the Web. According to Sci-Tech Today's Steve Beene, as POS fraud is expected to decrease as the adoption of EMV chips continues to grow, online transactions may see an increase in security incidents.
Investing in the right cyber security solutions can make a difference when keeping POS systems clean of malware and making sure customer data is safe. By installing endpoint security solutions like Endpoint Application Control from Trend Micro, companies can strengthen POS security and help keep malicious programs like BlackPOS out of their systems. Trend Micro's solutions are easy to install and use, and they work alongside other security tools to provide comprehensive coverage over entire systems. By securing POS systems, organizations can avoid the heavy financial and reputational burden that data breaches would place on their shoulders.
Security management solutions like Endpoint Application Control from Trend Micro can ensure POS system safety in a world characterized by big-name hacks. Contact us today to find out how our products can improve defenses against malicious actors seeking to steal important customer data.