The point of sale (POS) system which typically includes a debit/credit card reader, has brought a lot of convenience to the brick and mortar stores, as customers now pay for goods and services without the need for cash.

While these card readers are often attached to another device, such as smartphone or tablet, fraudsters are specifically targeting the inexpensive card readers, which are rampant in small businesses outlets like local grocery stores which use them to accept payments.

The trend of cashless payment is growing at an alarming rate, but then, outside the convenience are lurking serious security threats, as cybercriminals can steal financial data owing to weak security on these terminals.

At the recent Black Hat security conference in Las Vegas, Leigh-Anne Galloway and Tim Yunusov of cybersecurity company Positive Technologies revealed that Point-of-sale terminals, such as credit card readers, are increasingly a target for fraudsters.

According to the researchers, the cheaper payment systems may cost less, but businesses could end up costing their customers more.

They examined how much security were in the cheap mobile readers that cost way below $50 and their finding shows that the cheap readers have flaws that could allow dishonest merchant to change the displayed amount on the screen, and also the device could show that a transaction failed when it actually didn't and compel customers to pay twice.

Also, the display could be adjusted to require customers to use the magnetic stripe, instead of the more secure chip on the credit card.

A fraudulent merchant could change the transaction value to make it a higher value than the displayed amount on the reader, and that's significantly realistic, as the attack vector can be carried out via swiping.

The vulnerabilities, however haven't been exploited in the wild, but for those concerned, it is best to stay away from swiped transactions and stick to security chips, at least for better protection.

How Point of sale terminals and Card readers are increasingly targeted by fraudsters



The point of sale (POS) system which typically includes a debit/credit card reader, has brought a lot of convenience to the brick and mortar stores, as customers now pay for goods and services without the need for cash.

While these card readers are often attached to another device, such as smartphone or tablet, fraudsters are specifically targeting the inexpensive card readers, which are rampant in small businesses outlets like local grocery stores which use them to accept payments.

The trend of cashless payment is growing at an alarming rate, but then, outside the convenience are lurking serious security threats, as cybercriminals can steal financial data owing to weak security on these terminals.

At the recent Black Hat security conference in Las Vegas, Leigh-Anne Galloway and Tim Yunusov of cybersecurity company Positive Technologies revealed that Point-of-sale terminals, such as credit card readers, are increasingly a target for fraudsters.

According to the researchers, the cheaper payment systems may cost less, but businesses could end up costing their customers more.

They examined how much security were in the cheap mobile readers that cost way below $50 and their finding shows that the cheap readers have flaws that could allow dishonest merchant to change the displayed amount on the screen, and also the device could show that a transaction failed when it actually didn't and compel customers to pay twice.

Also, the display could be adjusted to require customers to use the magnetic stripe, instead of the more secure chip on the credit card.

A fraudulent merchant could change the transaction value to make it a higher value than the displayed amount on the reader, and that's significantly realistic, as the attack vector can be carried out via swiping.

The vulnerabilities, however haven't been exploited in the wild, but for those concerned, it is best to stay away from swiped transactions and stick to security chips, at least for better protection.

No comments