A Point of Sale (POS) terminal is a portable machine used to accept bank cards as payment for goods and services. It gives a cardholder real-time online access to the funds and information in their bank account through debit or cash cards.
No doubt, this is one of the innovations in the financial sector. It is already everywhere; even smaller stores today have a Point of Sale (POS) terminal. This is something the Central Bank of Nigeria is happy about, considering its quest for a cashless system.
“With the introduction of the Cash-Less Nigeria Project and the release of the Guidelines on PoS Card Acceptance Services, the CBN outlined the Merchant Service Charge (MSC) and the modalities for its operation in the payments system,” says Dipo Fatokun, Director, Banking, and Payment System Department (BPSD), CBN.
“This had enhanced the issuance and utilization of cards transaction in the country and brought structure to the compensatory mechanism for parties involved in the transaction.”
The PoS terminal now eliminates the hassles of moving cash around. Many Nigerians are finding it convenient to make payments. This has already helped in reducing the security threats triggered by moving physical cash.
PoS technology is probably becoming indispensable for retailers who own supermarkets and big stores, because they can hardly function without PoS systems to process customers’ transactions.
Despite being one of the targets hackers attack most often, the PoS terminal is now a critical element of retailing, recording a significant increase in the number of transactions.
“Transactions on the PoS recorded an increment of 62% in 2016 to 33,720.93 transactions carried out in 2015,” Nigeria Inter-Bank Settlement System (NIBSS) said in a report.
The report from NIBSS shows that a total of ₦651.38 billion worth of transactions was conducted through the PoS from January to November 2016. By comparison, only ₦448.52 billion worth of transactions were carried out via the PoS in 2015.
However good and innovative it sounds to pay for something without handing over cash, these transactions are prone to security vulnerabilities that retailers and customers should be aware of.
The convenience of this technology alone has made it an alternative to reaching into the wallet to make payments. However, it is imperative to note that online criminals are not sleeping at all; they have been working hard to steal your information.
Security Risks & Recommendations
The 2016 Verizon Data Breach Investigations Report (DBIR) found that PoS breaches were among the commonest methods of attack, accounting for 534 incidents.
Cybercriminals usually adopt techniques such as phishing to gain access to a retailer’s or customer’s network via PoS malware, after which they immediately start scraping card data.
If your network operates on default credentials, the network is weakly protected and could render the PoS vulnerable. If there is any form of vulnerability on the PoS, hackers will be happy to launch their attacks. That is why it is imperative always to change the default password and to enable two-factor authentication as part of your security measures.
Another factor that heightens the chances of getting attacked is improper installation of the PoS software. A retailer or organization should use the services of a certified technician who can configure the PoS software beyond its default options. If you cannot rely on your own abilities, seek out certified technicians.
In the same vein, poor security policies are practical examples of vendor-driven vulnerabilities and, according to data, may account for a share of PoS attacks.
Research from Booz Allen Hamilton cites management practices and the volume of vendors as two reasons that multiple data breaches happen through external vendors.
“A lot of effort is put into setting up the initial relationship…but, there is no provision for monitoring how or if that changes,” adds Drew Wilkinson, senior associate and cyber risk expert.
The United States Computer Emergency Readiness Team (US-CERT) recommends exercising complete control over the IT environment by limiting internet access to POS terminals, which keeps users from revealing confidential data online, and by limiting remote access to POS systems.
It has been emphasized that cyber attackers could phish credentials for the remote desktop tools that give them complete control of POS systems from any location.
“Installing firewalls and antivirus is imperative as many variants of malicious software and attacks often bypass antivirus detection.”