“May Day!,” Pt. I: Malware Security Alert for POS Devices
Malware Security Alert for POS Devices. May Day brings forth joyous celebrations! In the United States, it evokes imagery of May Poles and the blossoming of spring love. Meanwhile, vibrant parades and marches commemorate the day throughout Europe, preserving its significance as a “worker’s holiday,” just as it did in the 19th Century. In the spirit of “May Day!,” Pt. I, we issue a vital warning concerning Malware Security for POS Devices.
“May Day!” is also a cry of alarm — especially on the high seas. However, it is probably not connected to either of the “Labor Days,”.
Now, these elements converge as digits take the place of printed broadsides, reminiscent of the 19th-century labor organizing era, while work itself undergoes an ever-growing digitization. As is the nature of money, purchases, and transactions, as readers of this space know so well.
In that regard, we have a “May Day!” in the ships-in-distress sense, a warning to merchants everywhere about RawPOS Malware. Any users of Windows POS devices are especially at risk.
If you have a stand-alone terminal, however, like a Hypercom/Omni terminal, you may be in the clear. Nevertheless, reports indicate that the malware is continuing to spread at “alarming rates.”
Initial Steps for Windows POS Devices
If your business is using a Windows POS device, make sure to consider the following primary measures.
- No matter which of the two recent Windows Operating systems you are utilizing, ensure that the OS is entirely up-to-date and patched.
- Make sure you’re also compliant with all PCI-DSS 3.0 security requirements. You can easily find a link to a PDF with those requirements right here, which can be beneficial for your IT Department if they require it.
- If a machine is used by multiple persons as the Point of Sale device, it should be limited to a single function as the POS Terminal. It should not also have “multiple functions” tying it unnecessarily to other networks, data bases, etc.
- If you cannot avoid having multiple users and functions on a device, make sure to take extensive precautions as listed in the PCI-DSS.
We will have an overview of these precautions in the second part of our “May Day!” alert, next week!