Starwood Hotels & Resorts Worldwide warned of the credit card breach issue as cyber criminals designed malware to steal credit and debit card information from POS systems.
This is an additional attack in a recent string of hotel chains to acknowledge credit card breach threats and investigations. The malware that hit Starwood affected certain restaurants, gift shops and other point of sale systems.
The malware was designed to collect certain payment card information including cardholder name, credit card number, security code and expiration date.
Good news is that compromised credit card holders will not be liable for unauthorized debit or credit card charges but the onus is on the cardholder to spot and report any unauthorized charges.
How can you protect your business from credit card breach?
- Use an updated POS system or protect your current POS – Point of Sale systems have changed but there are still systems out there running on outdated Windows XP. If using an older system, you should meet with your IT consultant team or IT department and discuss how to “Sandbox” your environment. A Sandbox environment will limit an application to its intended functionality while not allowing it access files and resources beyond its initial and intended functionality. This makes it hard for malicious software to compromise the system. Code Signing – Apple imposes strict code signing requirements on application developers, which maintain high standards among individuals creating applications. Before creating a project, developers must obtain three code signing certificates from Apple: a development certificate, a distribution certificate, and a Developer ID certificate. These strict requirements maintain the utmost security standard for applications running on iOS.
- Proactive update and review – The greatest defense against breaches is proactive update and review of your infrastructure. If you implement every imaginable security measure on a POS system, you never fully eliminate your security risks but it is still the best defense. The recent Target breach, the IT team in charge of cybersecurity failed in consistently walling off sensitive data and removing the default accounts of unused POS devices. This resulted in one of the most major breaches in POS security. Only a POS system with the most up-to-date security can have the ability to safeguard a business from the ever-changing and incessant attacks of cybercriminals.
The recent Credit Card Breach at Starwood Hotels shows why companies need to adopt a POS security system that eliminates opportunities for hackers and cyber criminals.