POS Data Breach Teaches Valuable Lessons
The hackers gained access by first scanning the Internet to identify U.S.-based POS systems with certain remote desktop software installed, then using those remote applications to log into the targeted POS, crack passwords, and snag credit card data via keystroke loggers or “sniffers.” Remote desktop software is often used by small businesses to enable tech support on their systems from off-site, and often third-party, providers.
Tech best practices tell us that remote access is a vulnerable point of entry. We also know that passwords should be changed regularly and that default passwords should never be used. All too often, however, merchants’ systems are left exposed by exactly these practices. PCI requirements are complex, and U.S. payment technology is inherently vulnerable. Adding even more complexity, franchised environments are particularly susceptible when owners disregard corporate best practices.
This example reminds us not only to change our passwords, but that due diligence is a necessary component of security. In a time when competitive advantage is built by compiling relevant consumer information, and many merchants are readily embracing the opportunity to leverage personal data — including but not limited to a consumer’s preferred method of payment — diligence is more important than ever.