Preventing retail hacks with some common sense

POS systems prove to be a hacker’s paradise when raiding unprotected data


Balan tells a story of sitting in a coffee shop near his home that offered free wireless and finding that its internet connection was totally exposed to the public. That was bad enough, until he noticed the shop using the same computer for its POS transactions.

Balan advises that small retailers take three easy steps to help ensure the security of their POS systems. First, he says, you must segment the network. “In the case of Subway, they had a Windows-based OS processing the transactions and those machines were also connected to the internet. No POS should ever talk to any source other than the bank, period!”

Second, he says retailers should have defined policies and procedures covering their POS protocols. Finally, there must be no-nonsense enforcement of who is able to access transaction-related resources, and when.

“Whether your network is in-house or outsourced, every retail environment should have someone accountable for security issues. If it is a contracted POS vendor, then that vendor should outline specific and strict boundaries on how to use and manage those solutions,” Balan concludes.
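
One way to check the segmentation rule quoted above against network flow records, as an added example that is not from the article or from Balan. The POS subnet, the processor address range and port, and the flow-record format are all assumptions constructed for illustration.

```python
import ipaddress

# Assumed addressing (constructed): the POS VLAN and the only permitted
# destination, the payment processor's range on TCP 443.
POS_NET = ipaddress.ip_network("10.20.0.0/24")
PROCESSOR_ALLOW = {(ipaddress.ip_network("198.51.100.0/28"), 443)}

# Constructed flow records, one per line: "src dst dport proto".
SAMPLE_FLOWS = """\
10.20.0.11 198.51.100.5 443 tcp
10.20.0.11 203.0.113.80 80 tcp
10.30.0.77 10.20.0.11 3389 tcp
10.20.0.12 198.51.100.5 8443 tcp
10.30.0.77 203.0.113.80 443 tcp
10.20.0.12 10.20.0.11 445 tcp
"""

def parse_flow(line):
    """Split one record; raises ValueError on any malformed field."""
    src, dst, dport, proto = line.split()
    return ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport), proto

def allowed_egress(dst, dport, proto):
    """True only for TCP traffic to an allow-listed processor range and port."""
    return proto == "tcp" and any(
        dst in net and dport == port for net, port in PROCESSOR_ALLOW)

def audit(flow_text):
    """Return (line_no, finding, record) for every flow that breaks segmentation."""
    findings = []
    for n, line in enumerate(flow_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            src, dst, dport, proto = parse_flow(line)
        except ValueError:
            findings.append((n, "unparseable", line))  # never skip silently
            continue
        src_pos, dst_pos = src in POS_NET, dst in POS_NET
        if src_pos and dst_pos:
            findings.append((n, "pos-lateral", line))      # terminal to terminal
        elif src_pos and not allowed_egress(dst, dport, proto):
            findings.append((n, "pos-egress", line))       # POS to non-processor
        elif dst_pos:
            findings.append((n, "inbound-to-pos", line))   # other segment to POS
    return findings

if __name__ == "__main__":
    for n, kind, record in audit(SAMPLE_FLOWS):
        print(f"line {n}: {kind}: {record}")
```

Records that fail to parse are reported rather than dropped, so a malformed export cannot hide a violation.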