Subway has been the subject of intense scrutiny and media attention since it came to light that its POS system was vulnerable and that several credit cards had been electronically stolen from it by an overseas crime syndicate. This month, several of the computer hackers involved in the theft admitted that their activities resulted in about 146,000 accounts being compromised over the span of two to three years. Current estimates put the total theft attributable to their criminal enterprise at about $10 million.

There are two lessons in this story for anyone who takes credit cards as part of their business:

1. PCI (the standard designed to keep credit cards safe) is not a one-time effort. You must maintain the things that PCI demands at all times, 24 x 7 x 365. Too often, people hope to implement some security and then forget about it. Hackers are constantly getting better at their craft, so anyone trying to keep credit cards safe must always be monitoring and improving their security.

2. What your location can send out to the Internet is just as important as what you prevent from coming into your store from the Internet. Most people recognize that hackers are constantly roaming the Internet and trying to break into your store by finding a vulnerable system that is attached to the Internet. This is comparable to the 1983 movie "War Games". The truth of the matter is that more data is lost through compromises that happen inside the store than through external hacking that steals data. More often than not, a user picks up some malware (malicious software) that is designed to steal credit cards. That malware then gathers up the data and sends it to a hacker on the Internet who is waiting for it. Just imagine that a compromised POS station is recording credit cards as they are processed, and then once a day it sends an e-mail to its creator with all of the credit cards you processed that day.

You must take a holistic approach if your security is to be successful. You have to stop hackers from coming into your environment and prevent unauthorized data transmissions from leaving your stores. You must consider everything you do within your operations as it pertains to security, because a hacker only has to be successful once to get past your defenses. You have to be successful all the time in order to keep them out.
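
The outbound half of lesson 2 can be checked mechanically: a POS station should only ever talk to a short list of known destinations, so any other flow leaving the POS network deserves a look. The script below is an added example, not part of the original article; the POS subnet, the allowlist, and the log format are assumptions, and the log lines are constructed.

```python
import ipaddress

# Assumptions for illustration (none of these values come from the article):
POS_SUBNET = ipaddress.ip_network("10.20.30.0/24")   # where POS stations live
ALLOWED_EGRESS = [                                   # (destination network, port)
    (ipaddress.ip_network("203.0.113.0/28"), 443),   # payment processor, HTTPS only
]

# Constructed firewall log: "timestamp src_ip dst_ip dst_port bytes_out"
SAMPLE_LOG = """\
2024-01-05T12:01:10 10.20.30.11 203.0.113.5 443 5120
2024-01-05T23:58:02 10.20.30.11 198.51.100.77 25 184320
2024-01-05T12:03:44 10.20.40.9 198.51.100.77 25 2048
2024-01-05T13:15:00 10.20.30.12 203.0.113.5 80 900
this line is malformed
"""

def is_allowed(dst_ip, port):
    """True if the destination/port pair is on the egress allowlist."""
    return any(dst_ip in net and port == p for net, p in ALLOWED_EGRESS)

def find_violations(log_text):
    """Return (violations, unparsed_count) for outbound flows from POS hosts."""
    violations, unparsed = [], 0
    for line in log_text.splitlines():
        fields = line.split()
        try:
            ts, src, dst, port, nbytes = fields
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port, nbytes = int(port), int(nbytes)
        except ValueError:
            unparsed += 1          # count bad records instead of silently dropping them
            continue
        if src_ip not in POS_SUBNET or dst_ip in POS_SUBNET:
            continue               # only POS-to-outside traffic is in scope
        if not is_allowed(dst_ip, port):
            violations.append({"time": ts, "src": src, "dst": dst,
                               "port": port, "bytes": nbytes})
    return violations, unparsed

if __name__ == "__main__":
    flagged, bad = find_violations(SAMPLE_LOG)
    for v in flagged:
        print("UNAUTHORIZED EGRESS", v)
    print(f"{bad} unparsed line(s)")
```

On the sample data this flags the late-night SMTP connection from a POS station, which is the once-a-day e-mail scenario described above, and a plain-HTTP connection to the processor that the allowlist does not permit.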

User Comments – Give us your opinion!
  • George Coffman
    Hello, thanks for this valuable piece of information! I was aware of software for restaurants as well as the latest technologies being applied in this field like cloud computing, mobile apps, etc. But I wasn't aware that such software was so vulnerable. Wow!
    restaurant epos
PCI Compliance & Network Security

Brad Cyprus
Bradley K. Cyprus has more than 20 years experience in the security industry. He manages the development of in-house solutions to validate compliance, and he is a resource that Vendor Safe customers can rely upon to help interpret the PCI standard.