614-322-2222 or 877-770-8324

Point of Sale Machines are Potential Cause of Another Data Breach

Mar

13

Point of Sale Machines are Potential Cause of Another Data Breach

Point of Sale Machines are Potential Cause of Another Data Breach

Neiman Marcus is the latest victim of a data breach caused by credit card hackers. Brian Krebs reported last week that the upscale department store had its database of customer information hacked last month. This comes in the wake of Targets historic breach of over 40 million credit card numbers and an additional 70 million personally identifiable information (PII) records of their customers.

Both of these attacks have some similarities, leading some to believe there may be a connection. The attacks happened around the same time, the stretch between Black Friday and Christmas. Also, in both cases, only customers that used their cards at the brick-and-mortar stores seemed to have their information exposed not online shoppers.

What is also important to remember about both breaches is that they occurred at the point of sale (POS). POS machines have many vulnerabilities during their use and after retirement. As Michael Kassner points out in a recent article, many POS machines are not run with proprietary software and are mostly Windows based. This means the devices that are collecting your credit card data are susceptible to the same security issues that are experienced on all other Windows programs.

The US ranks third among countries with the most virus threats and 40% of households in the US were affected by a computer virus in 2012. Windows components were third on the list of most targeted applications behind Java and Adobe, which are also found on Windows computers. The viruses that can infect home computers with frequency are the same viruses compromising POS machines.

But this is just the beginning. Hackers might be able to intercept and redirect your data at the POS level, but the vulnerabilities go beyond that. This data is being stored in data centers where hard drives are failing every minute. Every drive that is taken out of its working environment still has this sensitive data on it, where does it go from there?

It is important to protect the personally identifiable information of your customers, from the time their card is swiped to the secure destruction at the end-of-life stage for each device storing PII. Steps need to be taken to ensure that data bearing drives are properly contained and destroyed onsite and that data bearing devices (POS machines as well) are properly wiped and recycled. If done right, your company can have complete indemnification, from the containment stage through the destruction and removal process.

Would you like to evaluate your current process or learn more about our onsite data destruction solution? Don’t hesitate, contact us today. We look forwarding to hearing from you!



  • Providing complete “Cradle to Grave” data eradication solutions, sound experience, industry best practices and resources to support you.


    Why risk it? Get started today! Call 614-322-2222


  • About An Industry Leader

    TechR2 is the only company in the industry that has earned a US patent for its Track-Contain-Destroy-Verify data security process, is OEM approved, upholds critical ISO certifications, and is recognized for compliance with GDPR, NIST and all governmental regulations concerning data destruction, including ISO 27001, ISO 14001, ISO 9001, and ISO 45001.