Retail Point-of-Sale Breaches
Discover recently published a new Data Security Alert in order to help protect payment card data. This alert says that hackers have found a way to use remote access to card environments to install a malware called “Backoff.” There is a list of .exe files that have been found to contain this virus in the document. Additionally, retailers should review the recommendations and be aware that remote access and weak passwords to the card data environment can increase their vulnerability to a security breach.
Keep your retail business safe with these Discover recommendations
Discover recommends complying with all PCI-DSS requirements as well as the actions below to help keep your business protected:
- Use complex passwords and two factor authentications when accessing your payment data. Remote Access should also be disabled when not in use.
- Merchants should install new software patches as they are released by the software vendors. This will update your system by adding new features and fix any bugs.
- Install and keep your anti-virus and anti-spyware up to date.
- Implement file integrity monitoring to identify when files or logs are maliciously modified.
- Install and maintain firewalls to protect unauthorized access into the cardholder data environment from untrusted networks.
- Ensure your network environment is segmented and processing cardholder data separately from other areas of the network.
- Reboot point of sale systems daily to clear volatile memory.
- Visit the PCI Security Standards Skimming Prevention – Best Practices for Merchants for additional guidance on skimming prevention and POS tampering.
If you have any questions about what this alert means for your business or if you suspect a security breach, you can reach our PCI Compliance department at firstname.lastname@example.org or 888-477-4500.