Minimizing breach damage starts with the POS

Many businesses are looking at making investments in the point-of-sale technology they use to process payments. There have been numerous advances in these tools over the years, particularly regarding the implementation of mobile devices into the workplace. But the more pressing matter of late has been security - enterprises want POS solutions that use the latest in encryption and tokenization technology to ensure their customers are safe from data theft and breaches.

A new development in the legal space may just serve to kick POS upgrades up in the near future. In September, Target petitioned a Minnesota federal judge to throw out a consolidated class action lawsuit brought to it by banks regarding the 2013 cyberbreach. According to Fierce IT Security, Target claimed that merchants are not liable to banks that issue credit and debit cards.

However, the judge recently ruled that that banks are allowed to sue Target for negligence. As The Whir explained, the plaintiffs argued that this specific instance was not a case of third-party harm, but of straightforward negligence. Target had just recently purchased a new FireEye cybersecurity system and had it fully operational. The solution actually detected a breach, but the Target was so busy trying to deal with the holiday rush, the company ignored the warning signs. The judge ruled the breach was a foreseeable risk and Target chose to actively ignore it, making it a case of negligence.

“At this preliminary stage of the litigation, Plaintiffs have plausibly pled a general negligence case. Although the third-party hackers’ activities caused harm, Target played a key role in allowing the harm to occur,” said judge Paul A. Magnuson, regarding the decision. “Indeed, Plaintiffs’ allegation that Target purposely disabled one of the security features that would have prevented the harm is itself sufficient to plead a direct negligence case: Plaintiffs allege that Target’s ‘own conduct created a foreseeable risk of injury to a foreseeable plaintiff.”

Growing cybersecurity damages may encourage more lawsuits
While the lawsuit regarding Target may not be apply to all cases - the plaintiffs found a way to turn the case into a negligence suit. While this decision may not always be applicable, this still sets a dangerous precedent for retailers and other businesses that fall victim to attacks. In the future, affected enterprises may find themselves paying even more in the aftermath of these breaches in terms of fines and lawsuits.

With financial damage from security breaches on the rise - Kaspersky Labs research found cyberattacks are costing companies up to 14 percent more this year than last year - security winds up being an important investment. Fraud and attacks are already significant expenses, often resulting in the replacement of vulnerable systems and fines, having to pay even more in terms of lawsuits from financial institutions may be more than many organizations can even bear.

Businesses need to look at ways to prevent cyberbreaches, and one of the best strategies is by taking another look at the point of sale. This is where Target was breached, with malware spreading to different locations across the United States and Canada. By making the right investments in this area, they may be able to prevent breaches. New encryption and tokenization technologies hinder the damage fraudsters can do by substituting dummy information for sensitive data.

This will also mean that merchants will increasingly be looking for POS solutions that utilize encryption and tokenization, which should make this a priority for POS developers.