POS Systems Remain Favorite Targets Of Cybercrime, At Least In US

The U.S. may be moving (slowly but eventually) toward EMV and chip-driven payment cards, but point of sale (POS) systems dominate the landscape for data breaches, while accounting for only a “tiny minority” of fraudulent activity outside the country, PC World reported Tuesday (June 9) via IDG News Service.

A study by Trustwave, a security firm, conducted last year found that hackings at POS locations were behind a majority of data breaches in North America, a number that declined to 10 percent in Europe, the Middle East and Africa, and only 11 percent in the Asia/Pacific region. Trustwave’s analysis looked at 574 breaches, with half of them occurring in the U.S.

The reason behind such a yawning discrepancy? EMV, which ties card chips to efficient antifraud controls. The technology has been more widely embraced beyond U.S. shores. IDG noted that hackers find barriers to cloning cards tough to surmount, even if they are able to capture data encoded on the magnetic stripes lining the backs of those cards.

In those areas where EMV has been firmly entrenched for at least a decade, online transactions and other activities in which cards need not be physically present have been the favorite hunting ground for hackers – hence the trend toward data breaches at eCommerce sites.

Looking at the global picture, Trustwave found that compromised POS systems made up 40 percent of the breaches studied, and that is a bit worse than the 33 percent seen in 2013. ECommerce sites accounted for 42 percent of breaches. Broken down by industry, food and beverage operations were a favorite target at 68 percent of the hacks studied, and retail was another 43 percent.

Trustwave found that there were cybercriminal preferences for certain types of data: eCommerce transactions yielded personal info; POS transaction data, commonly known as track data, was lifted in a third of those compromises. Cybercriminals also stole financial credentials in 12 percent of the incidents Trustwave tracked.

And the companies themselves can be termed oblivious: They found breaches themselves in only 19 percent of cases. That dismal showing came down from the previous year’s 29 percent, the research showed.

To check out what else is HOT in the world of payments, click here.