According to the Identity Theft Resource Center’s (ITRC) yearly breach list, there were 781 reported breaches in 2015 and 1,093 in 2016. The number of data breaches tracked through June 30, 2017 hit a half-year record high of 791, a jump of 29 percent over 2016 figures during the same period. At this pace, ITRC anticipates that the number of breaches could reach 1,500 in 2017, a 37 percent annual increase over 2016.[1] The average total cost of a data breach is now $4 million, with a cost per stolen record of $158. This marks a 29 percent increase in total cost per breach since 2013.[2]
As the numbers on data breach statistics continue to rise, it is clear a new approach to data security is needed if organizations want to stay ahead of the attackers and more effectively protect their data, customer information, and bottom lines.
One clear place to start is with point of sale (POS) payment devices. These systems are vulnerable because they allow direct cardholder interaction, sometimes in an unattended setting, which poses data security challenges. The usage and operational modes of the machine and its software need to be appropriately constrained to just the tasks that are necessary to perform a transaction. Precautions must be taken to reduce the chance of data being stolen, copied, fraudulently entered, etc.
Features of a Secure Payment Device
According to Justin Ning, director of sales at ID TECH, the following features are essential to preventing POS attacks:
The Advantech Solution
Among Advantech’s POS solutions, the latest hardware with all of the above security features is the UPOS-510. When a credit card is presented to make a purchase, its most sensitive data is encrypted in firmware at the time of presentation and never gets decrypted until it is received by a properly authenticated party, such as the issuer, financial gateway, bank, or back-end processor.
“The device is designed to encrypt (only) and is incapable of doing decryption. Hence, even if the POS system is stolen, it cannot be used to decrypt data, since it contains no software for decryption,” says Ning. “The data is ‘locked’ until an authorized party (with possession of proper keys) can decrypt it.”
Other available security options for the UPOS-510 include fingerprint biometrics, contactless card reading, chip card compatibility, magnetic stripe card reading, and many connectivity options. “All of these options make our POS-series devices a natural choice for merchants who require flexibility in connectivity options along with flexibility in payment options,” says Jason Zhang, product manager at Advantech.
Advantech also provides a range of ready-to-deploy solutions. One package specifically for POS security features is WebAccess/IVS (Intelligent Video Software) for loss prevention. “WebAccess/IVS enables users to combine video and transaction data to assist in loss prevention and provide evidence in the event of customer disputes,” Zhang explains. The camera captures images of customers at the register and the POS software captures credit card information and receipts. Every transaction is automatically recorded, making data easy to find during security audits.
“Seventy-six percent of retailers invest in CCTV, 61 percent in security guards, and 60 percent in alarm monitoring,” says Zhang. “Sometimes these investments are huge and they still miss theft and inventory losses. With WebAccess/IVS, retailers see a reduction in both hours spent reviewing video footage and operating expenses for loss prevention.”
Partnering to Leverage Security Technology
Advantech collaborates with industry-leading partners to provide the building blocks required for delivering integrated and innovative solutions to retailers. ID TECH is part of Advantech’s retail partner ecosystem, and the two have been working closely together in payment-related applications.
“We leverage the latest technology ID TECH offers from their standard off-the-shelf solutions as well as their payment modules for our mobile POS solutions and traditional stationary POS terminals,” says Zhang.
Advantech leverages its Premier Partner relationship with Intel to secure the ideal CPUs for both POS and security functionality. The UPOS-510 is offered in both Intel Celeron J1900 and the latest Skylake sixth-gen processor flavors. “The J1900 brings an additional level of security to the POS,” explains Andrew Gentry, RSD marketing segment manager, Intel Retail Solutions Division.
“J1900 features security characteristics unique to Intel,” says Gopi K. Agrawal, RSD technical sales manager, Intel. “First, there is Intel Silicon, which transmits large amounts of data. Second, there is Secure Boot, which uses digital signature technology to guarantee that only the correct operating system is used to boot the Gateway. Third is Intel’s Platform Trust Technology for credential storage and key management used by Windows 8 and Windows 10 and which supports BitLocker for hard drive encryption. Finally, the Intel Software Guard Extension offers application-level protection via encrypted memory.”
When enabled and fully configured, Intel’s Secure Boot helps a computer resist attacks and infection from malware. Secure Boot detects tampering with boot loaders, key operating system files, and unauthorized option ROMs by validating their digital signatures. Components that fail validation are blocked from running before they can attack or infect the system.[3]
Intel Platform Trust Technology (PTT) improves the authentication process by enabling disk encryption keys to be locked (or sealed) to the platform configuration so that keys are only released if the platform configuration has not changed from a known good configuration.[4]
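The sealing behaviour described above, shown as an added example that is not Intel's or Advantech's code: a toy Python model of measured boot in which a disk key is released only when the measured boot chain matches the known good one. ToyTrustModule, its XOR-based key wrapping, and the sample boot chains are assumptions made for illustration and do not reflect the real PTT/TPM interface.

```python
import hashlib
import hmac
import os

def extend(pcr: bytes, component: bytes) -> bytes:
    """Measured-boot extend: new = SHA-256(old || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure(chain) -> bytes:
    """Fold an ordered boot chain into one register value, starting from zeros."""
    pcr = bytes(32)
    for component in chain:
        pcr = extend(pcr, component)
    return pcr

class ToyTrustModule:
    """Simplified stand-in for a TPM/PTT (assumption; not a real TPM interface)."""
    def __init__(self):
        self._root = os.urandom(32)  # storage secret that never leaves the module
        self.pcr = bytes(32)
    def boot(self, chain):
        self.pcr = measure(chain)
    def _pad(self, policy: bytes) -> bytes:
        return hmac.new(self._root, b"wrap" + policy, hashlib.sha256).digest()
    def seal(self, key: bytes, policy: bytes) -> dict:
        if len(key) > 32:
            raise ValueError("toy wrapper handles keys of at most 32 bytes")
        wrapped = bytes(a ^ b for a, b in zip(key, self._pad(policy)))
        return {"policy": policy, "wrapped": wrapped}
    def unseal(self, blob: dict) -> bytes:
        if not hmac.compare_digest(self.pcr, blob["policy"]):
            raise PermissionError("platform configuration changed; key withheld")
        return bytes(a ^ b for a, b in zip(blob["wrapped"], self._pad(blob["policy"])))

# Constructed sample boot chains (not real firmware images).
GOOD = [b"firmware v1", b"bootloader v1", b"kernel v1"]
TAMPERED = [b"firmware v1", b"bootloader v1 + implant", b"kernel v1"]

def demo():
    tm, disk_key = ToyTrustModule(), os.urandom(32)
    blob = tm.seal(disk_key, measure(GOOD))   # seal to the known good state
    tm.boot(GOOD)
    released = tm.unseal(blob) == disk_key    # unchanged platform: key released
    tm.boot(TAMPERED)
    try:
        tm.unseal(blob)                       # modified boot loader: refused
    except PermissionError:
        return released, True
    return released, False
```

Because the wrapping pad is derived from the policy value, rewriting the blob's policy to match a tampered platform yields a wrong key rather than the sealed one.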
Intel Software Guard Extensions (SGX) technology is for application developers who are seeking to protect select code and data from disclosure or modification. Intel® SGX makes such protections possible through the use of enclaves, which are protected areas of execution in memory. Application code can be put into an enclave by special instructions and software made available to developers via the Intel SGX SDK.[5]
“Our combined solutions result in a unique system in the marketplace that features increased performance and security for the UPOS-510,” says Gentry.
Best Practices for Ensuring the Security of a Payment System
“Increased security is easily attainable with the following best practices,” says Ning.
More on Advantech’s Secure POS Systems
15" Stylish Modularized POS System
UPOS-510 is a modern industrial-grade POS system powered by an Intel® Celeron® J1900 and Core™ i5-6300U processor. The slim and borderless front touch panel offers a maximized viewing area and is IP65-rated for water and dust protection. The small footprint design makes UPOS-510 the ideal system for limited-space installations and medium and small businesses. The easy-access back cover allows users to conveniently access/replace HDDs. Additionally, UPOS-510 supports I/O expansion for flexible installation and can be equipped with diverse peripherals, such as a secondary rear-mounted display, to satisfy diverse applications in retail and hospitality environments.
Learn more about UPOS-510: https://buy.advantech.com/iRetail-Solutions/POS-Systems-Modular-POS-Systems/AUS_31435.products.htm
Chat with an Advantech Retail Expert about stationary and mobile tablet POS hardware and software: 877-825-4146