Point-of-Sale Viruses & Credit Card Security

We hear about another major credit card security breach every few weeks. However, we rarely hear about the small ones like Carla at Spanky’s Marshside

These small breaches are more common than the big ones and are much more relevant to our businesses. So, I would like to take this opportunity to discuss protecting your data.

First, we will discuss viruses at the Point-of-Sale file server. This is a PC dedicated to your mission-critical Point-of-Sale system. It should not be used for email or internet browsing. All it takes is opening one seemingly irresistible email attachment or clicking on an irresistible popup while browsing the internet, and a virus can install itself and cause all types of havoc.

Credit card data in restaurants has become a very popular target over the past few years. An email will sometimes arrive at typical-sounding restaurant email addresses such as chef@123restaurant.com or gm@123restaurant.com, or at known email addresses, in the form below:

“Dear Restaurant Manager
Is the $10,000.00 price for catering my Daughters upcoming wedding still valid, if so I would like to order with a credit card today?” Or something else that appears to be exciting and makes you want to open the attachment.

In reality these attachments are viruses that will install and sometimes begin scanning your system for credit card data or other personal data. Each credit card number and expiration date is worth about $15 on the open market. Easy money for thieves, and a nightmare for a restaurant to deal with in the event of a major security breach.

The first way to protect your data is to not risk installing viruses. This means no internet browsing and no email at the Point-of-Sale file server. In addition to avoiding viruses, E2E (end-to-end) or P2P (point-to-point) encryption is becoming more common. In its simplest form, this means the credit card data is encrypted when it is swiped and decrypted at a secure server someplace else in the world. Your Point-of-Sale system therefore never actually handles any complete credit card data, because it is encrypted and only readable by the server at the credit card processing data center.

If you have any questions or are interested in E2E, please contact your Apex Solutions representative.