Last week, one of the world’s largest cash register providers, Oracle’s MICROS, suffered a data breach caused by cyber-criminals. The attack infected more than 330,000 point of sale terminals at hotels, retail stores, and fast food chains worldwide.
According to security blogger and expert Brian Krebs, the intruders planted malware on the MICROS online support portal and were thus able to steal customers’ credentials when customers logged in to the support website. These usernames and passwords can potentially be used to access their accounts and remotely control their MICROS cash registers. It is reported that the suspected hackers have also hit at least five other major cash register providers, including Uniwell, Cin7, Navy Zebra, ECRS, and PAR Technology.
Although it is still uncertain whether any consumer’s financial data was stolen, we should all be aware of this incident and learn from it. The security breach at Oracle’s MICROS shows that point of sale vendors continue to be a popular target for cyber-criminal gangs. As some cash registers continue to store retailers’ passwords and shoppers’ credit card information, point of sale firms are used as an easy gateway into retailers.
Here’s a checklist of what you can do to safeguard your point of sale system:
- Always use the latest version of your operating system and point of sale software. If you’re using Countr, you can see your POS version in the banner on your product screen
- Install antivirus software on your point of sale terminal and run regular scans for malware and viruses
- Activate a network firewall and, if possible, only allow known IP addresses to communicate with your server
- Monitor your security system regularly and make sure that everything is updated and works properly
- Password protect your point of sale terminals, tablets, phones, laptops, and other connected devices. If you’re using Countr, you can use the Lock, Employee PIN or Admin PIN features for extra security
- Regularly change your passwords and use a different, complex password for each device or account
- Separate in-store payment networks from regular (e.g. customer) networks
- Implement end-to-end encryption
- Only connect to trusted hotspot locations and minimise connecting to public Wi-Fi hotspots
If you have any questions about security, feel free to leave them in the comments or send us a message at firstname.lastname@example.org