A look at payments security from the eyes of a cybercriminal

Log into any popular news source on the Web and it will quickly become apparent that payment security is a big issue for many modern companies. Regardless of whether they’re a massive global retailer such as Target or a small mom-and-pop store, businesses are being targeted and compromised, which means every company must be aware of payment security.

The problem for many merchants is that payment security is a multi-faceted issue. There’s no quick fix they can implement to ensure their security. Part of the problem is that there are so many different ways cybercriminals can access payment information. Whether by clean fraud or by breaching point-of-sale solutions to skim credit card information, they unfortunately have a lot of tools at their disposal.

Vulnerabilities at the point of sale
The recent Target breach illustrates just how fickle security can be at the point of sale. One report from Symantec noted stealing credit card information can be a lucrative prospect for cybercriminals, earning up to $100 per card. A breach the size of the one at Target, which resulted in the theft of 40 million cards, can net fraudsters billions of dollars at that rate.

As Symantec suggested, the modern POS, which are essentially configured computers with sales software installed on them and equipped with a card reader, are commonly jeopardized through card skimming by installing software into the reader that can lift the card data. Malware that can execute these attacks is easily obtainable through the black market, which makes it all the more worrisome for businesses that conduct card-based transactions.

Fortunately, those involved with the creation of tools and applications are on the job and working on new tools and technology designed to prevent breaches. There are numerous steps that POS operators can take to protect their systems. At the same time, new tools and technologies such as tokenization can go a long way as well in allowing companies to protect their customers.

The threat of ‘clean fraud’
The big problem, however, is the fact that cybercriminals have a number of ways to gain access to sensitive data. Although many publicized breaches stem from vulnerabilities in POS solutions, that is only one part of the problem for companies.

Speaking with PYMNTS.com, John Sarreal, senior director of product management at fraud prevention firm 41st Parameter, noted the rise of “clean fraud,” which is when they fraudsters obtain access to sensitive files through legitimate means. For example, they may spoof an email, assume a fake identity on the phone to trick people into giving them confidential log-in information or buy credentials from the black market, which in turn allows them to break into systems without actually forcing their entry.

Not only is clean fraud difficult to detect because there is less suspicious activity, it’s also hard to prevent because most people don’t know to be aware of this threat in the first place. Yet as long as simple authentication tools are in place, they will pose a threat.

Securing customers’ payment information should be the top priority of any business. As long as security is in question, people won’t have confidence in making purchases with these companies. However, organizations need to realize the threat is manifold - upgrading POS software is a great place to start, but that is far from being their only concern.

POS software developers also need to do their part in leveraging the latest encryption and security technologies with their products. This will not only help them win more sales, but also help clients protect their customers.