McAfee: POS-centered attacks to continue in 2015

Vincent Weafer, senior vice president of McAfee Labs, once dubbed 2014 “the year of shaken trust,” for obvious reasons. Numerous high-profile retail brands were embarrassed when cybercriminals exploited their point of sale systems to steal customers’ personal information and credit and debit card numbers. To make matters worse, many of these breaches went on for months before they were discovered, illustrating just how poorly companies are safeguarding their own solutions.

In fact, many customers have even begun to doubt whether retailers can actually protect this information. Some have even begun taking manners into their own hands by using cash, pre-loaded cards that cannot be linked further back to customers’ finances or by simply avoiding retailers that have been hacked in the past. Others are resigning themselves to the fact that no matter where they shop, they stand the risk of potentially being robbed of their sensitive data.

“This unprecedented series of events shook industry confidence in long-standing Internet trust models, consumer confidence in organizations’ abilities to protect their data, and organizations’ confidence in their ability to detect and deflect targeted attacks in a timely manner,” Weafer asserted. “Restoring trust in 2015 will require stronger industry collaboration, new standards for a new threat landscape and new security postures that shrink time-to-detection through the superior use of threat data.”

2015: The year of prolonged attacks
If 2014 marked the year when consumers lost their faith in retailers’ ability to protect their information, 2015 is poised to be the year during which criminals refine their attacks even further. Attackers will become even more refined in their tactics - McAfee expects attack frequency will increase, but also that cybercriminals will become stealthier and more difficult to detect, allowing them to conduct more prolonged attacks.

The point of sale, in particular, will come under fire. Although many merchants are switching to EMV-enabled hardware, the fact of the matter is that adoption will be slow and many traditional terminals will remain in use. Additionally, new payment options - such as near-field communication-based mobile payments - continue to see further use. While that is good for retailers and customers in terms of flexibility, it also represents more options for cybercriminals to gain access to sensitive information.

“Point of sale (POS) attacks will remain lucrative, and a significant upturn in consumer adoption of digital payment systems on mobile devices will provide new attack surfaces that cybercriminals will exploit,” the report added.

Leveraging encryption to minimize damage
Cybercriminals are constantly perfecting their art, and no matter what systems retailers put into place, it will be difficult for merchants to combat them. However, even if they cannot stop fraudsters from breaking in, they can stop them from walking away with sensitive information by leveraging updated security features like tokenization and encryption.