PoS physical attacks are the last thing on one's mind when cybercrime is discussed. Instead, many imagine hackers in far off lands remotely breaking into servers and stealing information which is then sold and the only time, we become involved is when the bank freezes our cards - shockingly this is not the case.
For example, in why your EPoS is your worst enemy, we saw that 48% of data breaches in the retail and hospitality sectors were classed as 'physical attacks', this means that the criminal had to locally go into the retail space and tamper with the PoS system.
This article provides a quick overview to the most common attack and defence tactics used to compromise/protect your PoS system.
PoS Physical Attack Tactics
The most common tactics used to compromise a PoS terminal can be categorised into 4 main sections.
- The Skimmer: 'Skimming' is the process of copying the magnetic strip data on a credit or debit card so it can be used to 'clone' the card and used to make unauthorised purchases. Outlaws replace or modify the PoS devices to record or transmit the data to a secure location and use a number of tactics to get achieve their ends:
- The Smash and Grab: Criminals bribe employees to let them take the PoS terminal or separate device and modify it for nefarious purposes. The criminals quickly return the device and the rest of the staff are none the wiser
- The Sleight of Hand: Some criminals will quickly and covertly modify a PoS device right there and then
- The Con: Law enforcement agencies have reported criminals that pose as employees of the PoS terminal's manufacturer in an attempt to tamper with the device
How to Fight Back
Thankfully retailers have several tactics to help minimise the risk of physical attack. Here are the key defence manoeuvres you have at your disposal,
- Check device serial numbers: Make a record of your PoS devices serial numbers, regularly make sure the serial numbers match your records
- Educate Staff: Porthole AdEnsure that your staff know as much about physical tampering as you do; signs to look out for, what a tampered device looks like, tactics criminals may use, e.t.c.
- Physically secure PoS devices: Use cables and locks to make it difficult for criminals to remove or modify the devices
- Install CCTV: Maintain a video recording device on your PoS terminals at all times to deter criminals
A huge proportion of data breaches in the retail sector is due to physical attacks, the basis for protection your business lies in education.
The retailer needs to educate themselves and their staff of the techniques criminals use to gain access to a customer's information and devise a set of policies to either prevent PoS device tampering or nullify a compromised PoS's effects.
If you enjoyed this article, you may also enjoy reading:-
An overview of the most common attacks on retail systems.
A guide to defence against the most common security threats in the retail sector.
Malware-based attacks accounted for a quarter of all successful data breaches. This guide details how to protect your retail systems from the most common malware attacks.