Protect Your POS Terminals from Cybercrime

159

Last year, a security researcher for Rapid7 unveiled that he developed a $6 tool that could open hotel guest rooms and point-of-sale (POS) systems and cash registers. Scary, isn’t it?

The global Payment Card Industry (PCI) Security Standards Council was established by major payment products companies to standardize security efforts across the industry. The council is responsible for maintaining, evolving, and promoting these security standards. Through its PIN Transaction Security (PTS) standard, PCI-PTS, vendors are encouraged to adopt robust security controls for their payment systems, validating documentation of policies and procedures related to device management.

Even though security is a key concern, spoofing, skimming, and other such attacks are still easy enough for cybercriminals to accomplish and are continuing. According to its 2016 Data Breach Investigations Report, Verizon notes that in 2015, POS attacks accounted for 32% of all incidents in retail worldwide and 64% of breaches (where data was stolen). The Verizon report also discloses that most of the time, POS environments were hacked in just a few hours, while it often took weeks before the victim became aware of the attack.

Auckland, New Zealand’s Invenco is a global provider of self-service payment solutions. The company’s Invenco G7 OPT (outdoor payment terminal) is a modular EMV-compliant payment system with a 12-inch multimedia touchscreen. Enabling a self-service payment experience, the system accepts EMV, magnetic stripe, contactless (including mobile phones), and bar code-reading and mobile wallet payments. Users, such as gas stations, can program its display with responsive content that can help drive additional sales. Inside the G7 OPT, you’ll find Maxim’s MAX32590DeepCover secure microcontroller, which has achieved PCI-PTS v4.1 certification.

To comply with the PCI-PTS standard, G7 OPT had to pass stringent levels of differential power analysis (DPA) attack testing. Maxim is one of a few IC suppliers who provides a cryptographic library with sophisticated algorithm protection. The company also offers a security evaluation report from an independent laboratory, which helps reduce the amount of time and cost associated with PCI-PTS certification by several months. Designing the MAX32590 into the G7OPT helped Invenco comply with some challenging certification requirements.

Decrease Design Time and Costs with Secure Microcontroller 

Fast time to market and lower costs are persistent challenges in many industries. Using a secure microcontroller such as the MAX32590 can help the POS industry address these challenges while safeguarding their systems. A32-bit, Linux-based microcontroller, the MAX32590 needs fewer external components than other solutions, simplifying designs in the process. The highly integrated chip features an ARM926EJ-S processor core, patented external bus, advanced physical security, and much more.

LEAVE A REPLY