Point of Sale Compromises: Security at the Speed of Business

Phil Hagen


Getting your credit card data pilfered at a point-of-sale system (e.g. cash register) is something that happens to someone else. YOU don’t go to dingy restaurants staffed with shifty wait staff and dodgy card-swipe machines; you go to reputable establishments that use systems built by people who know what they’re doing, right? Consider this:

A remote-access attack on a point-of-sale vendor may have resulted in the exposure of payment card transactions conducted at Dairy Queen, Buffalo Wild Wings and other restaurants throughout the northwestern U.S.

Vancouver, Wash.-based food-service POS and security systems provider Information Systems & Supplies Inc. on June 12 notified restaurant customers of a remote-access compromise that may have exposed card data linked to POS transactions conducted between Feb. 28 and April 18 of this year.

Data Breach Today, July 1, 2014

Would you like a side of identity theft along with those wings?

As with most online technologies, there is nothing inherently wrong in using a remote access mechanism… That is, until someone with malicious intent gets into the mix. The B2B world is not going to move away from these kinds of solutions, so it is on the security solution provider to come up with an approach that will enhance security without impeding the ability to do business. More walls, moats, and “preventive” technologies are simply not a viable answer. While the back-end of any given system is probably sophisticated enough to handle it, on the front end we’re talking about users of computer technology working under conditions that demand speed and ease. Taking time to enter passwords or read numbers off of a fob or plug in some kind of token is a non-starter.

From a security perspective, such systems can provide a superior environment because the activity on them should be somewhat predictable and largely uniform. Activity outside these norms is an indicator that requires attention. As with any other online system, no one is going to “prevent” anything from happening. Reliably detecting misuse of legitimate credentials is possible but rarely timely. The difference between a limited compromise and a catastrophe is the speed at which anomalies and malicious behavior are detected and addressed.

Red Canary exists to minimize the time between compromise and detection. Our customers respond to security issues in minutes and hours – the same time-frame as the attackers. Most victims still operate on a timeline of weeks and months between compromise and detection – where do you fall on that scale? Give us a few minutes and we’ll explain how Red Canary can be the difference between an attack being a mere inconvenience and a major disaster.