Point-of-sale vulnerabilities can affect millions of terminals used by merchants and their customers, potentially placing consumers at risk of data theft and credit card fraud. That is the assessment of cybersecurity experts at the recent Black Hat EU security conference. Here is what you need to know:
Cybersecurity Experts Highlight Mobile Payment Threats
Speaking at the recent Black Hat Europe security conference, cybersecurity researchers Timur Yunusov and Aleksei Stennikov highlighted a growing threat from data thieves to mobile payment devices. The experts identified point-of-sale payment terminals as the biggest threat, especially those made by Verifone and Ingenico.
Older Point-of-Sale Terminals in Danger of Hacking
The main issue with point-of-sale (POS) devices is their reliance on default passwords. Anyone with physical access to a terminal can use these passwords to reach information via a “service menu.” Service menus provide basic functions that are vulnerable to malware, which makes the terminals easy targets for hackers. POS terminals do encrypt credit card data, but that encryption occurs on the same terminal that may already be compromised with malware.
According to both experts, a hacker would need only five to ten minutes alone with a POS terminal to infect it with malware, potentially harming all customers using that device. Fortunately, many of these issues no longer pose a threat and are already fixed.
Only Legacy Point-of-Sale Vulnerabilities Impacted
A Verifone spokesperson was quick to note that a security patch already exists for the issue. In addition, many of the concerns relate to legacy devices. “The security firm has validated that our latest patches and software updates, which are available to all customers, remedy these vulnerabilities. Customers are currently in different phases of implementing these patches or software updates,” the spokesperson said in a statement to Forbes.
Ingenico, for its part, also stated the vulnerabilities are known – and no fraud has occurred to date. A spokesperson told Forbes that, “Different vulnerabilities impacting Ingenico POS Telium 2 terminal solutions have been identified. Proper security measures have been developed immediately to include suitable corrections after the vulnerabilities have been identified.” They continued, “Ingenico has not been made aware of any fraudulent access to payments data resulting from these vulnerabilities, already fully corrected.”