VARs: Are You Ready To Take Up The Mobile POS Security Challenge?

By Jessica Cooper, Solutions Manager, Check Point Software Technologies

Cyber Awareness month just came to a close and it raised awareness about the need to secure one of the most challenging environments — mobile point of-sale (mPOS) systems.

Any company that sells items and/or services either online or by storefront can tell you about the many benefits of using mPOS systems. Everything from small businesses to large retail stores, to coffee houses and grocery stores are now using mPOS. There are several advantages to both business and consumer by using this technology:

1. Customers can make payments through their smartphones and tablets by using their credit or debit cards or using mobile payment apps like PayPal, Apple Pay, and Android Pay.
2. There is great flexibility and convenience to all parties — salespeople have the option of accepting payments remotely or from any location inside the store, and this benefits customers because it reduces the wait times and frustrations of long lines.
3. Research by Accenture shows that Mobile POS environments encourage faster buying decisions and decrease shopping cart abandonment.

However, have you considered the importance of securing mobile POS systems?

Mobile POS systems add to the already large attack surface because it gives hackers another potential entry into networks, information, and sensitive data. The fact is point-of-sale intrusions are a reality. These attacks have happened before, and most likely will continue to happen. The primary vulnerabilities include the mobile operating systems, mobile-specific malware, and POS data. If mobile POS systems are infiltrated, it can affect both the consumer and the business, as the data contains highly sensitive financial information: credit and debit card numbers, phone numbers, addresses, and email addresses. This information could be used to make fraudulent purchases and compromise bank accounts, as well as used for identity theft. With so much at risk, you don’t want to see your clients on the receiving end of an attack.

Look for a mobile POS system that adheres to these primary security principles:

1. It’s essential that your clients are able to identify and track all components of their networks — especially endpoints and mobile devices.
2. Have threat prevention systems in place for the overall environment, including antivirus, anti-bot, firewalls, and protection against sophisticated malware used in advanced persistent threats and zero-day attacks.
3. There needs to be continuous monitoring to ensure that systems and all protections are operating properly, that systems generate event and audit logs for review, and that potential threats are identified before any damage happens.
4. Encrypt the data and all communications, such as text messages that confirm payments or communicate other information to customers.

More businesses are using mPOS systems as an effective and convenient payment method for their customers, but it is for this reason that businesses are highly targeted. Hackers can pursue any company and use a variety of mobile threats to steal sensitive account information. Companies should not make the mistake of waiting until they are attacked so they can improve their security; it’s best to get a head start and strengthen security controls to prevent dangerous threats from disrupting business. As we embark on the holiday season, help your clients evaluate their current cybersecurity environments and ensure their mobile payment systems are secure from every angle.