Payment processing devices for credit and debit cards is the newest target for cybercriminals because of lax security controls. The most common target, small businesses, according to a report from Trustwave. Trustwave, which investigates payment card breaches for companies such as Visa and American Express, conducted 220 investigations worldwide involving data breaches in 2010. The vast majority of those cases came down to weaknesses in POS devices. “Representing many targets and due to well-known vulnerabilities, POS systems continue to be the easiest method for criminals to obtain the data necessary to commit payment card fraud,” according to Trustwave’s Global Security Report 2011. POS devices read the magnetic stripe on the back of a card that contains account information, which is then transmitted for payment processing. Although there are rules for security controls developers should use for the devices, such as the Payment Application Data Security standard (PA-DSS), Trustwave said “these controls are rarely implemented properly.” POS devices are an attractive target for cybercriminals since the data they access from the cards is more complete, Trustwave said.
Pingback: SecureConnect