Following the recent spate of Dexter malware attacks on a number of point of sale (POS) systems in South Africa’s biggest fast food chains and restaurants, Wayne Olsen, Chief Technology Officer at SecureData Africa, believes that industry claims that infected systems are clean and that consumers have nothing to worry about are unfounded.
“Consumers should be concerned. It is a well-known fact that over the festive season there is a marked increase in malware and virus attacks for financial reward. While the latest spate of malware attacks focused on larger retailers and chains, it is the smaller guys that should be the most concerned.”
Olsen believes that now that the latest variant of this particular malware has been identified and cleaned off high-profile retailers, it is the smaller retailers that will be the next, and unfortunately often easy, target. “They should not under any circumstance be lulled into a false sense of security,” he adds.
Here Olsen emphasises the importance of educating smaller retailers to have the basics in place when it comes to securing their technology, particularly their POS terminal, which in most cases is a Windows desktop or laptop. “Having the latest anti-virus software means absolutely nothing if the operating system it is sitting on is not up-to-date. In addition to regularly updating the anti-virus software, retailers need to ensure that the operating system on their POS terminal regularly has its patches updated. Patches in effect act as a plaster plugging any holes in the software,” he adds.
Olsen says Wi-Fi networks pose another huge threat. “Many POS terminals operate on the same Wi-Fi network as that used by staff and customers. This means that anyone can infect or hack into it. Segmentation of the network is vital to ensuring a secure POS terminal,” he explains.
Also worrying for Olsen is the fact that many small retailers leave their POS terminals unattended. “Making the POS terminal easily accessible to the general public puts the business at huge risk. Here again staff need to be educated as to possible risks so that they can be aware of and respond to suspicious activity. Making it easy for someone to tamper with the credit/debit card reader or stick a malware-laden USB driver into the POS box should be avoided at all costs. It is also not advisable to make the POS terminal available to staff for internet and email access,” he comments.
At the end of the day, Olsen reiterates that it comes down to ensuring that the basics are in place. “Unfortunately no technology can ever truly be one hundred percent secure. If perpetrators want to gain access, they will find a way sooner or later. You just need to ensure you don’t make it easy for them,” he concludes.