PaymentsJournal
SUBSCRIBE
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • News
  • Resources
No Result
View All Result
PaymentsJournal
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • News
  • Resources
No Result
View All Result
PaymentsJournal
No Result
View All Result

Playing Games With Merchants’ POS Terminals

Raymond Pucci by Raymond Pucci
September 27, 2017
in Analysts Coverage
0
Hand of woman paying with contactless credit card, NFC technology

Hand of woman paying with contactless credit card with NFC technology in an electrical shop, credit card reader, payment terminal, finance concept

1
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

Can the age-old video game Doom double as a payment card fraud fighter? Yes—when it demonstrates how vulnerable some retail POS terminals are to hackers. As the following article describes, one security expert used Doom to show how easy it can be to hijack a store checkout terminal.

A security researcher recently figured out how to install and play the classic first-person shooter video game Doom on point-of-sale credit card readers, the ubiquitous devices at store registers around the world that complete purchases when you swipe, tap, or insert your credit card.

While Nolan Ray’s hack isn’t going to blow up the POS world, it helps demonstrate the potential insecurities of our retail transactions.

At the annual hacker conference DefCon in July, Ray demonstrated his hack on the Verifone MX 925, a credit card reader still in use and receiving manufacturer updates. You can buy it on Amazon.com for less than $600. He began by unlocking the device with its default personal identification number, or PIN, which Ray says retailers—like consumers, with other Internet-connected devices—rarely change, due to laziness or a lack of guidance. More than 90 percent of POS readers rely on their default PIN for security, according to a 2015 study.

Once the terminal has been unlocked, any malicious hacker could access and steal data stored on the reader—or install a 25-year-old video game like Doom—wirelessly through a Wi-Fi or Bluetooth connection, or directly through its smart-card reader, or its USB or COM ports.

While you might not expect a store clerk to allow a malicious hacker to fiddle with a POS reader long enough to unlock or steal data from it, unmanned registers, especially at big chain stores, make for tantalizing targets. And as retailers increasingly rely on payment devices to process customer purchases and protect customer data, they need to become more vigilant than ever about the security at the register, Ray told The Parallax after his presentation.

Retailers can take various steps to protect their POS readers and, by extension, their customers. The first step, Ray says, is to change the default PIN.

Despite the widespread warnings about payment card fraud, especially through some infamous security breaches, there still remain ways that determined fraudsters can steal card data and personal information at checkout counters. While e-commerce, card-not-present transactions seem to get most of the attention of security pros, basic credit/debit card POS terminals can be a target for hackers. Large and small merchants with unattended terminals remain vulnerable to tampering. Those that treat payment transaction security as a low priority will soon find out that this is not a game.

Overview by Raymond Pucci, Associate Director, Research Services at Mercator Advisory Group

Read the full story here

Tags: Fraud Risk and AnalyticsMerchantsPoint of Sale
1
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

    Analyst Coverage, Payments Data, and News Delivered Daily

    Sign up for the PaymentsJournal Newsletter to get exclusive insight and data from Javelin Strategy & Research analysts and industry professionals.

    Must Reads

    Google Wallet Expands Features

    Google Wallet Continues to Bet on Digital with Expanded Features

    June 2, 2023
    digital value

    How Embracing Digital Value Can Help Solve the B2C Payments Conundrum

    June 1, 2023
    instant payments, real-time payments, RTP

    Banks Developing Instant Payments Products in the U.S. Should Focus on Billers to Generate New Revenue Streams  

    May 31, 2023
    Digital Wallet Use Delivers on Convenience and Security

    Digital Wallet Use Delivers on Convenience and Security

    May 30, 2023
    5 Ways to Protect Your Financial Institution from a Cyberattack

    5 Ways to Protect Your Financial Institution from a Cyberattack

    May 26, 2023
    traditional banks

    How Traditional Banks Can Modernize Without Risk

    May 25, 2023
    identity fraud

    Javelin’s Identity Fraud Study Highlights the Changing Nature of Fraud

    May 24, 2023
    SASE, security-as-a-service

    Security-as-a-Service Secures
    Distributed IT Models

    May 23, 2023

    Linkedin-in Twitter

    Advertise With Us | About Us | Terms of Use | Privacy Policy | Subscribe
    ©2023 PaymentsJournal.com

    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    Menu
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    • Industry Opinions
    • Recent News
    • Resources
    Menu
    • Industry Opinions
    • Recent News
    • Resources
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Industry Opinions
    • Faster Payments
    • News
    • Jobs
    • Events
    No Result
    View All Result

      Register to download this complimentary report from CSG Forte: