Browse Definitions :
Definition

point-of-sale security (POS security)

Point-of-sale security (POS security) is the study of vulnerabilities in retail checkout points and prevention of access by unauthorized parties looking to steal customer and payment card details from them. The purpose of POS security is creating a safe environment for customer transactions.

Memory scraping PoS malware is a major concern, as even large retailers have fallen prey to this credit card-stealing method. Memory scrapers access data at the time of the transaction, when payment data is not yet unencrypted. In late 2013, for example, criminals used a variant of the Backoff memory scraper to access information from over 70,000 accounts in the Target database. 

Out of date, unsupported operating systems are a great risk as they provide malware writers with more unpatched vulnerabilities. Windows XP-based systems still in use in many retail environments are vulnerable because they lack some of the more advanced security features of newer versions. For the sake of security, POS systems should use only up-to-date and well-supported operating systems.

Point-of-sale systems physical access and user privileges should also be strictly managed. If, for example, an employee uses a POS terminal for web surfing, they can expose the system to security risks. Ideally, the administrative account should be rigorously protected and the activities of other users strictly limited.

Isolation of POS systems on a network reduces the potential attack surface and makes suspicious activities easier to detect. Whitelisting can also help secure POS systems by limiting communication to only authorized external sites.

This was last updated in January 2015

Continue Reading About point-of-sale security (POS security)

SearchNetworking
SearchSecurity
  • man in the browser (MitB)

    Man in the browser (MitB) is a security attack where the perpetrator installs a Trojan horse on the victim's computer that is ...

  • Patch Tuesday

    Patch Tuesday is the unofficial name of Microsoft's monthly scheduled release of security fixes for the Windows operating system ...

  • parameter tampering

    Parameter tampering is a type of web-based cyber attack in which certain parameters in a URL are changed without a user's ...

SearchCIO
  • e-business (electronic business)

    E-business (electronic business) is the conduct of business processes on the internet.

  • business resilience

    Business resilience is the ability an organization has to quickly adapt to disruptions while maintaining continuous business ...

  • chief procurement officer (CPO)

    The chief procurement officer, or CPO, leads an organization's procurement department and oversees the acquisitions of goods and ...

SearchHRSoftware
SearchCustomerExperience
  • first call resolution (FCR)

    First call resolution (FCR) is when customer service agents properly address a customer's needs the first time they call.

  • customer intelligence (CI)

    Customer intelligence (CI) is the process of collecting and analyzing detailed customer data from internal and external sources ...

  • clickstream data (clickstream analytics)

    Clickstream data and clickstream analytics are the processes involved in collecting, analyzing and reporting aggregate data about...

Close