Foreword Online

Ideas, information and industry news for collegiate retailers



Protect Yourself: Small Businesses are Prime Targets for POS Cyberattacks

Posted by Lori Reese on 6/14/17 5:30 AM
Topics: MBS POS, data security, cybercrime

How’s this for a mind-boggling number? $2 trillion. That’s how much cybercrime is projected to cost businesses by 2019, according to Forbes.

Protect Yourself: Small Businesses are Prime Targets for POS Cyberattacks

A glance at other statistics shows why no business — small or large — can afford to leave itself open to attack. The need to maintain an updated security-rich POS system has only grown in the past decade. If you’re still functioning with an outdated system, and you’ve survived thus far without a serious breach, the data suggests you’re living on borrowed time.

A sobering reality

  • Cybercrime costs quadrupled between 2013 and 2015 and they’re expected to quadruple again before 2020.
  • In 2016, more than 29 million records were exposed in 858 known data breaches, according to the Identity Theft Resource Center (ITRC).
  • One in four small businesses have “little to no understanding” of the cybercrime issue, according to a National Small Business Association (NSBA) report.
  • 50% of small to mid-sized organizations suffered at least one attack in the last year.
  • For small to medium-sized businesses the average cost of an attack was $879,582.
  • These businesses had to spend another $955,429 restoring normal operations in the aftermath of a successful attack.
  • Small businesses are often seen as a “backdoor” to larger organizations in their network.

The most vulnerable POS systems

Cybersecurity company Symantec Corporation says point of sale malware is among businesses’ biggest threats. With all the information college stores handle — credit cards, SFA, student cards and IDs — defense is about more than saving money. It’s a responsibility to the students and the university.

Three things cause the greatest POS vulnerability, according to Symantec:

  • An outdated operating system
  • Lack of point-to-point encryption (P2PE)
  • Unwillingness to adopt chip cards (EMV)

Hackers attacked the burrito chain Chipotle with a malware infection at the POS recently. It spread through cash registers then tracked data off magnetic strips: cardholder names, numbers, and internal verification codes.

How to protect yourself

The Chipotle attack wouldn’t have been possible if the chain had adopted EMV nationwide. If you’re among the retailers lagging behind in this transition, know that, as an increasing number of businesses adopt the technology, customers will be less forgiving of breaches and more experienced with the wait-time. Also, cybercriminals are aware that increased chip use will eventually block them, so they're picking up their attacks. The new Quick Chip will soon speed up processing. MBS Systems’ software and solution are compatible with Quick Chip, and the company plans to take advantage of it as it becomes more widely deployed.

Meanwhile, P2PE, another MBS Systems protection, is the most effective defense against “RAM-scraping attacks.” These work by searching the memory of a POS for digital patterns reminiscent of credit card numbers. P2PE thwarts such attacks because the credit card information never enters the POS. P2PE can also ward off internal threats from wayward employees with POS password information and shut down hacker attempts to gather data via email infiltration.

Finally, an updated OS makes it much harder for malware programs to travel throughout a network, gobbling up data or finding links to larger institutions with even more sensitive identifying information on file. You owe it to your business, your school and your students to ensure you have the safest system the industry can offer.

Let's Talk

About Lori Reese

Lori Reese is a Marketing Copywriter with MBS. She has more than 15 years’ experience teaching in college and K-12 classrooms. In her free time, she loves reading, creative writing and playing with her three-legged cat, Boss.

Article comments