Chilly weather, falling leaves and pumpkin-spiced everything are signs that the holiday season is just around the corner. Retailers have already taken steps to get ready by hiring and training personnel for these busy times. However, can they say the same for their point-of-sales systems? When a person pays with a debit or credit card, it’s swiped through a PoS device to complete the transaction, grabbing essential payment information to make the purchase. With all the data that PoS solutions handle, these systems become a likely target for malware and other cyberthreats.
Over the years, PoS malware has become more sophisticated, as seen by the Target breach in 2014. Businesses should be on the lookout for signs that FastPoS, a recent strain of PoS malware, has infected their systems. FastPOS has been updated to pose a new threat to retailers as the holidays approach, and it will be important for these organizations to review their security measures now.
The characteristics of FastPoS
In order to prepare for PoS malware, you must first understand what that particular strain is capable of. FastPoS, identified by Trend Micro as TSPY_FASTPOS.SMZTDA, directly steals credit card data from the system and exfiltrates the information to its command and control servers. Unlike some other malware strains, FastPoS aims to steal as much as possible, as fast as it can, even if that means that it’s detected. A number of small and medium businesses have likely already been infected by this malware.
With the holidays coming up, FastPoS received an update to make it ready for the biggest sales days of the year. Upgrades to any software help make it faster, more efficient and add functionality, all of which happened to the new FastPoS improvements. According to Softpedia, FastPoS can now infect computers with 32- and 64-bit architectures and abuse Windows Mailslots to target smaller businesses. If this sounds like your setup, it’s important to start reinforcing security measures now. The update serves as a reminder that the FastPoS developer is active, and the malware may become even more of a threat in the future.
How are people impacted by FastPoS?
Whether a business operates in a brick-and-mortar store, over a virtual environment or both, FastPoS can impact retailers this holiday season with attacks meant to take as much as possible before it’s found out. However, many groups are directing their focus to supporting their customer, rather than ensuring that their PoS systems are secure. According to the National Retail Federation, there’s expected to be a 3.6 percent growth in sales, to hit $655.8 billion. Revenue made during this time of the year typically makes up for nearly 20 percent of a retailer’s yearly sales, which shows just how many people shop around the holiday season.
Even with a threat like FastPoS on business systems, many consumers will likely still use their cards to pay for their goods. According to a 2015 survey conducted by Bankrate and Princeton Survey Research Associates International, 39 percent of shoppers planned to use cash, but 53 percent stated that they would use a debit or credit card for their purchases during the holidays. This makes sense because many cards, whether from a bank or from the store itself, offer a number of benefits when they’re used, like cash back or discounts. FastPoS developers understand this trend, and the update comes at a time when it’s likely to be the most deadly to retailers.
Are retailers ready for FastPoS?
Unfortunately, a number of organizations don’t appear to be prepared when it comes to deterring malware. According to a 2014 survey by the Ponemon Institute and EMC, 51 percent of respondents admitted that their PoS systems might not be able to handle the traffic that comes with the holidays. It also found that 64 percent of participants had an increase in attack activity during the holiday season, and they believe they’re more likely to experience fraud at this time. Retailers must cover all of their bases when it comes to their payment systems, in order to keep malware at bay and mitigate fraud.
It’s not too late for retailers to start securing their system against FastPoS and other malware strains. Identity Week noted that many organizations have an IT freeze during the holidays, where no new security tools or IT projects are implemented. This is done mostly to ensure that mission-critical systems are at their top performance and availability. While this can make sense when Thanksgiving draws closer, there’s still time to implement better security measures. In fact, many providers have products that won’t rock business operations when integrated. It’s in the organization’s best interest to start merging protection measures into its solutions.
“There is no logic in the argument: now is not a good time to secure our environment,” Identity Week stated.”Every day that information security is weak, is another day that your company can be exploited by hackers. And it’s another chance for your customers’ financial information to be stolen. There is no holiday season in cybersecurity.”
Why you should go the extra mile
If a retailer is operating off of pre-loaded security capabilities built into the PoS system, this isn’t going to be enough to stop all attacks. While it’s certainly a good first step, malware is constantly updated, as shown by the recent developments to FastPoS, and new, more sophisticated strains continue to emerge. These advancements often aim to exploit known security vulnerabilities within PoS solutions, and the standard security measures won’t win here.
Rather than going through your annual IT freeze, take this time to reevaluate your PoS protections. There’s enough time to make necessary changes and ensure that they work before the busiest days of the year. This effort will also provide a better experience for your customers. Malware deterrence means that no consumer will have their financial information compromised. This peace of mind is one of the best gifts to offer customers and it will reflect on the organization’s reputation and future public relations. FastPOS has been updated in time for the holidays, but you can take action now to prevent it from impacting your business.