point of sale

(get it in RSS or Atom)

Retailers are "overconfident" about their security, majority have fundamental gaps

by Lisa Vaas on December 12, 2014 | 1 Comment

Checkout. Image courtesy of Shutterstock.

Happy holidays! Lots of us are shopping away, but a new report finds that retailers aren't doing enough to keep impish cyber crooks out of our business.

It's only logical - the BIGGER the bank, the BIGGER the breach! 60 Sec Security [VIDEO]

by Paul Ducklin on October 4, 2014 | Leave a comment

Here's the latest 60 Second Security for your viewing pleasure.

News, advice, opinion and research - and it only takes a minute...

Point-of-Sale vendor loses password, causes breaches at 324 US restaurants

by Paul Ducklin on September 29, 2014 | 3 Comments

In its own words, a US point-of-sale vendor "acts to Block Payment Card Security Incident."

Bit late for the 324 restaurants that were breached for between 3 days and 3 months in the incident...

Home Depot says, "Er, yes, we did have a breach actually"‏

by Paul Ducklin on September 9, 2014 | 8 Comments

Just how big and bad it will turn out to be is still unknown...all we know so far is that Home Depot has officially confirmed that, yes, there was indeed a breach.

SSCC161 - What do you mean, "Trade him for Edward Snowden"? [PODCAST]

by Paul Ducklin on August 21, 2014 | 1 Comment

Here's the latest Chet Chat security podcast!

Sophos experts Chester Wisniewski and Paul Ducklin once again turn plain old news into advice you can use.

US won't release Russian MP's son being held on PoS hacking charges

by Lisa Vaas on August 19, 2014 | 8 Comments

A US federal court has refused to release Roman Seleznev, arrested in the Maldives under suspicion of rigging retail PoS systems to rip off credit card details. Prosecutors say he was caught with over 2 million stolen cards on his laptop and that he'd been searching the US federal court electronic filing system for charges against him.

SSCC 159 - What can we learn from the "honeybot"? [PODCAST]

by Paul Ducklin on August 6, 2014 | Leave a comment

For your listening pleasure!

Here's this week's episode of the Sophos Security Chet Chat podcast...

Bad passwords on PoS terminals lead to card stealing Backoff malware

by Chester Wisniewski on August 3, 2014 | Leave a comment

This time the crooks are distributing their point-of-sale malware through remote control applications like Microsoft's RDP. No exploits, no social engineering, just good, old-fashioned password guessing.

SSCC 155 - cybercrime bust, cloud laws, phishing and malware back from extinction [PODCAST]

by Paul Ducklin on July 10, 2014 | 2 Comments

In this episode, Sophos experts John Shier and Paul Ducklin tackle the week's interesting security stories.

John and Duck get stuck into: a high-profile cybercrime arrest; how mainstream brands help phishers; and why macro malware is making a comeback.

US arrests Russian MP's son for PoS hacking; Russia calls it kidnapping

by Lisa Vaas on July 9, 2014 | 5 Comments

The Russian man's father conjectures that, for all he knows, this may be a ploy for the US to get bait to exchange for Snowden.

Remote access breach via POS system sparks yet more consumer data leak fears

by John Hawes on July 3, 2014 | 6 Comments

A US supplier of point-of-sale (POS) equipment has informed its clients of a security breach in the remote access system it uses to log into clients' networks, meaning hackers could have used the system to steal payment data.

Credit and debit card fraud targets US hotel guests

by Lisa Vaas on February 4, 2014 | Leave a comment

White Lodging runs businesses such as gift shops and restaurants within big US hotel brands. Guests at one of those hotel brands, Marriott, are advised to check their card statements following the discovery of a 9-month-long card suctioning operation.

Target says hackers got in by using a vendor's credentials

by Lisa Vaas on January 30, 2014 | 5 Comments

Target says hackers got in through a vendor

The company has reportedly shut down remote access to at least two internal systems: one for HR and one for suppliers. And yes, the DOJ is investigating this, one of the biggest breaches of all time.

FBI warns of crimewave hitting cash registers

by Lisa Vaas on January 27, 2014 | 5 Comments

The US Federal Bureau of Investigations (FBI) has warned retailers to harden their defences against cyber-heists - particularly those that latch onto credit card details from shoppers

Europol and Canadian cops round up POS terminal tampering gang

by John Hawes on November 6, 2013 | 1 Comment

Pan-European law enforcement agency Europol has announced the take-down of a global gang of cybercrooks thought to be responsible for compromising POS terminals in Europe and North America, netting 30,000 sets of card details.

Cybercrooks can buy hacked POS device and money-laundering bundle for $2,000

by Lisa Vaas on September 17, 2013 | 3 Comments

The bundles are one-stop shops for point of sale fraud, including a rigged reader, a network of grey merchants who'll transform ill-gotten goods into cash, and various purchase options. The only missing ingredient: a larcenous waiter or store clerk.

Monday review - the hot 21 stories of the week

by Anna Brading on May 27, 2013 | Leave a comment

Catch up with everything we've written in the last seven days - it's weekly roundup time.

Small businesses beware! Point-of-sale malware is after you

by John Hawes on May 22, 2013 | 1 Comment

Malware targeting point-of-sale (POS) systems has been a major trend for the last six months. With easy pickings to be had from mom-and-pop shops, this pattern is only going to grow until people start fighting back with better system security, and ideally better payment card systems.

Virus Bulletin's Technical Director John Hawes takes a look....