As credit and debit payments became widespread, point of sale (POS) systems were created for the sole purpose of processing a purchase. These days, modern POS systems have additional functionality intended to enhance the customer experience. For example, cashiers can use a POS system to sign you up for their loyalty program, and if you didn’t find what you were looking for, they can use it to check on inventory or even order it for home delivery. Some of the most advanced systems can now even scan customers in line to customize advertising or displays based on gender. Yes, today’s POS systems are now capable of so much more than just processing transactions.
The dichotomy of old and new, large and small, and specialty versus generic across the landscape of retailers and their POS systems makes security especially difficult. Many of these POS systems are running operating systems that are no longer supported, relying on system integrators for support and maintenance. These legacy systems have created a wide array of security loopholes, and as a result, the PCI Council created the Payment Card Industry Data Security Standards (PCI-DSS) to ensure the safety of cardholder data. The PCI-DSS is a framework for robust payment card processing that includes prevention, detection, and appropriate reaction to security incidents. This has since been augmented with the Payment Application Data Security Standards (PA-DSS), which validate secure payment applications, in addition to programs that qualify secure Integrators and Resellers.
Retailers need to re-evaluate their security strategy so that it not only protects cardholder data for compliance purposes, but also ensures that ALL of the data they are collecting – from customer information to shopping trends – remains private. McAfee continues to work with retail technology vendors to enhance their value with our McAfee Embedded Security solutions, and you can read more about this problem in our research paper Retail Reputations: A Risky Business. For retailers managing older systems with unsupported operating systems, using value-added resellers, or just looking to enhance their systems for greater security that goes beyond compliance, McAfee can help.