Where is Your Point of Sale System Vulnerable?

ENTRY POINT Vulnerability in Small Businesses Passwords Hackers can break into dozens of small businesses 63% of 2010 cyber attacks were at companies with 100 EMPLOYEES OR FEWER or one large one in the same amount of time. 50% of business users are still using EASILY -GUESSED PASSWORDS POS Vulnerabilities You Didn't Know Were There of credit card data breaches are on SMALL BUSINESS CUSTOMERS (according to Visa's estimates) 95% The most common being DEFAULT PASSWORDS "Password1" A major vulnerability issue commonly target by hackers Setting the Scene Limited budgets and few or no tech experts on staff Credit Card Hacks 50% 45% Hackers within a nearby proximity can inject malware programs over an unsecured wireless network In 2012 the of data breach RETAIL investigations 25% One of the most common attacks on INDUSTRY made up HIGHEST PERCENTAGE IN RETAIL HISTORY small businesses 15% increase over 2011 According to the Payment Card Industry, Security Standards Council many businesses neglect basic security D OODOO00 E-COMMERCE Attacks were discovered in sites were the most measure 29 DIFFERENT common target, accounting for 48% the largest percentage originated in Romania of all investigations of attacked businesses took 64% more than 90 DAYS to detect an intrusion 210 overall average Access controls should be placed around a wired network Attacks can appear as attachments or links in Employee Theft employee emails Malware & Viruses KEYSTROKE LOGGERS Many business owners neglect IT security Financially motivated attacks typically rely on planted computer code PURPOSE & KEYLLAMA - keystroke logging hardware ADVERTISED AS Lack of software makes KeyLlama impossible to detect MONITORING SPYWARE Network scans by an ASV can help close network holes 100% Can hold of memory The keylogger program records each keystroke and uploads recorded data to a USB or over the Internet with larger software systems 4MB and vulnerabilities STEALTHY SAFETY TIPS DATA CRIME RINGS The Unprotected Wi-Fi Network paying employees for data Restrict direct Internet access of business failures are a CAUSES 60% Reject unauthorized devices direct result of internal theft Change default passwords Isolate storage systems 34% 18-29 YEAR OLD employees believe it is justifiable to steal from their employer POOR OR NO ENCRYPTION NO PASSWORD OR WEAK/DEFAULT PASSWORDS WEAK ENCRYPTION ALGORITHM Don't store card data unless needed IMPROVING SECURITY EDUCATE EMPLOYEES Conduct security awareness training on a regular basis PROTECT DATA Take the "more than IDENTIFY USERS REGISTER ASSETS Keep a complete inventory or registry of valid devices UNIFY ACTIVITY LOGS Combine physical and information security VISUALIZE EVENTS Every user-initiated action should be tagged Identify patterns and vulnerabilities technology" approach Sources http://consumerist.com/2010/07/29/wendys-employee-caught-using-credit-card-skimmer-to-steal-135-identities/ http://www.spyemporium.com/hardware-keylogger/usb-keylogger-keyllama-4MB-USB/ http://online.wsj.com/article/SB10001424052702304567604576454173706460768.html http://www.networkworld.com/community/blog/cyber-crime-ring-stole-200m-invented-7000-fake-ids-ripped-thousands-credit-cards http://www.vendorsafe.com/blog/2012/12/if-you-use-a-point-of-sale-system-a-new-attack-has-been-discovered/ DEVELOPED BY http://blog.scorpionsoft.com/blog/2013/02/change-default-passwords-to-reduce-business-vulnerability.html http://usa.visa.com/download/merchants/top_three_pos_system_vulnerabilities_112106.pdf http://www.vendorsafe.com/blog/2012/12/if-you-use-a-point-of-sale-system-a-new-attack-has-been-discovered/ http://searchmidmarketsecurity.techtarget.com/definition/keylogger N NOWSOURCING Merchant Warehouse II