
Security risk: Are you still using POS terminals in your contact center?

With news that cybercriminals have used point-of-sale (POS) malware to steal details of more than 167,000 credit cards from payment terminals, we shine a spotlight on the security shortfalls associated with processing payments via POS terminals in the contact center.

In this particular example, thieves used two strains of POS malware – MajikPOS and Treasure Hunter – to steal credit card information which, if sold on underground forums, could be worth in excess of $3.3 million.

Almost all of the victims are Americans, with US credit cards. And with the malware still active, the number of people affected continues to grow.

Both available to buy on black marketplaces, the MajikPOS and Treasure Hunter malware infect Windows POS terminals and scan the devices to exploit the moments when card data is read and stored in plain text. In the recent incident, it was found that 75,455, or 97%, of the cards compromised using MajikPOS malware were issued by a US bank, and 86,411, or 96%, of the cards compromised by Treasure Hunter software were also US bank issued.

The risk of using POS terminals in the contact center

Although the usage of POS malware has decreased in recent years, as alternative payment methods become more readily used, the threat is still active for organizations processing credit cards via POS terminals in their contact center.

Not only does the agent hear the credit card details and manually enter them into the terminal, but the terminal itself is also vulnerable to being compromised by malware that sends copies of credit card numbers to the hackers.

And with many businesses in the country still processing contact center payments via POS terminals, American contact centers specifically remain a target for POS malware and are therefore at risk of a data breach.

What can contact centers do to protect themselves from POS attacks?

There are ways that organizations can mitigate the risk of POS malware infections. Quick wins include secure password policies and keeping devices up to date with the latest software. For long-term protection, it is also suggested that companies use network defence products such as firewalls, as well as whitelisting, to deter hackers.

Another solution is to ensure your organization is compliant with the Payment Card Industry Data Security Standard (PCI DSS), by descoping your contact center from its requirements. PCI Pal’s Agent Assist cloud payment solution utilises Dual Tone Multi Frequency (DTMF) masking technology and sends the card number directly to the payment gateway. Agents cannot hear customer card information and no POS terminal is required, which removes the threats posed by POS malware attacks.

Contact us today for a more secure way of handling payments.