With major data breaches making headlines all over the world, company leaders are becoming increasingly wary of hacks. Being the victim of a cyber attack is terrible on multiple levels, but perhaps the worst is the loss of business. Reputation is everything when running an organization, and getting hacked is one of the quickest ways to lose customers.
This is especially true of attacks levied against point-of-sale solutions. These systems handle quite a lot of personal and financial information, and the loss of this data could spell disaster for any person who purchased a service or product from the compromised company. As such, business administrators should be doing everything in their power to avoid such an attack against their organization.
Breaches in general are bad for business
Before diving into PoS hacks specifically, it's essential to first understand how devastating any sort of breach can be to a company's reputation. Companies have a very fragile relationships with their customers. Consumers are a fickle bunch, and they'll move on to the next company with a similar service or product the second they feel they've been slighted. This is especially true of hacking events, as the average person is quite worried about the security of their personal information.
In fact, a Gallup poll found that around 70 percent of Americans are concerned about the possibility of their credit card data being hacked. While that's certainly indicative of how American's feel about hacking, this is exemplified even further considering that 18 percent in the same study worry about being murdered. Being killed is obviously worse than losing control of your identity online, but the point here is that people know how common hacks are compared with murders.
Clearly, the fear of becoming the victim of a cyber attack is alive and well in the consumer base of every company, which is why it's so important for businesses to do everything they can to avoid getting hacked. The consequences of not doing so can be terrible, a reality that was shown in The 2015 Information Security Breaches Survey that was run by PricewaterhouseCoopers.
In the course of this study, which was reported on by CSO, it was revealed that 41 percent of respondents believed the worst part of a recent data breach incident was that their company suffered a major blow to its customer-facing image. Doing business with an organization these days often requires the trading of sensitive personal information. If a company has a track record of getting hacked, customers simply can't trust it and the whole system falls apart.
Fast food is an easy victim for hackers
Now that the reputational impact of hacking is understood, it's time to dig into what kinds of PoS systems cyber criminals go after. The whole point of hacking – and computers in general – is to get the best result with the least amount of work, so it makes sense that hackers would want to attack a target-rich environment from a singular platform. This is why many cyber criminals choose to go after fast food restaurants when installing malware on a PoS system.
The reason for this is simple, and it's in the name of the style of food these places serve. When people go to a Wendy's, they just want something quick to eat so they can be on their way. So much customer turnover means more opportunities to steal credit card information, which is most likely the motivation behind a recent attack that infected the PoS systems of just under 300 Wendy's franchise stores.
Although the company has been scrambling to discover the source of this particular attack, nothing has been found yet. The number of stores affected is only a small portion of the organization's 5,500 North American locations, but frequent Wendy's customers should still be wary. Trend Micro security experts advise monitoring any bank accounts connected to cards that would have been used at Wendy's for suspicious activity.
Hospitality is a target, too
Another target hackers of PoS systems like to hit are hotels and other members of the hospitality industry. A lot of this has to do with the fact that renting a room very often requires the guest to put down a credit card in the event that something is damaged or the person orders room service. Again, this creates an environment where hackers are given a plethora of credit card information if they can compromise the PoS solution that holds it all together.
In fact, Trend Micro has reported on such a hack that befell Hilton Worldwide. Between Nov. 18 and Dec. 5, 2014, as well as between April 21 and July 27, 2015, hackers were able to begin collecting the data garnered from credit card transactions at a wide array of Hilton Worldwide resorts. Big names like the Waldorf Astoria and Hampton Inn and Suites were affected by this hack, which means the cyber criminals were given access to the financial information of very wealthy individuals.
Everything from names, security codes and credit card numbers have been compromised, which is enough for a hacker to fraudulently impersonate a person in order to steal funds. That said, certain data points did remain secret. Physical addresses and other personally identifiable information were kept private, but the data that was breached is certainly nothing to scoff at.
EMV chips can help
Although updating PoS software and doing everything to ensure vulnerabilities are closed are steps every institution should take to ensure the privacy of their customers, the reality is that organizations need multiple levels of security. As such, Trend Micro researchers recommend that one of these levels should be promoting the use of EMV chip cards for transactions.
The reason for this has to do with how insecure regular magnetic stripe cards are. While these kinds of credit cards have done quite well for years, the problem with them is that they are designed to store all of your banking data in a singular place. When you swipe your card, the vendor is given access to all of your banking information so that they can complete the transaction. The problem with this is that if someone else can see what the vendor sees, then they're also given all of your data.
EMV chip cards, on the other hand, don't store all of your information and instead rely on unique codes for each transaction. If a hacker is ever given access to a PoS system, he will only be able to see the data from a transaction that's already occurred, meaning he can't use this to steal any of your money. PoS systems can be easy targets for hackers, and EMV chips can help stop these criminals in their tracks.