For many years, malicious actors have found success by infiltrating Point of Sales, or POS, environments across multiple industries. In years past, high profile attacks on big box stores and home improvement stores captured headlines. More recently, a string of attacks on POS systems across hotel chains, retailers, and restaurants have made these all but commonplace in the eyes of the public. Unfortunately, the end result of each instance is a data breach that exposes the cardholder data or personally identifiable information, or PII. These occur despite compliance with the Payment Card Industry Data Security Standard, or PCI DSS. As these data breaches have shown, compliance with the PCI DSS created a false sense of security as these environments were not truly secure.
In addition to recording the actual sales transaction, POS systems also handle customer information, interact with loyalty programs, update inventory systems, and initiate the process for electronic payments. Given the lucrative data handled by POS systems, it’s no surprise they remain a favorite target for cyber attackers. In addition to data breaches, POS systems have also been targeted with ransomware or denial of service attacks to disrupt businesses.
To protect POS environments, many businesses have relied on antivirus protection. Others have also adopted the use of network segmentation to protect the cardholder data that POS systems handle. When done with legacy firewalls and antivirus products, deficiencies exist that leave the POS terminals and servers vulnerable to malware or ransomware. With Palo Alto Networks, you can leverage our Security Operating Platform to create a Zero Trust model to protect the POS environment and the cardholder data and PII there. Download the whitepaper to learn more about our approach, and read about an actual customer’s deployment of Palo Alto Networks to secure their POS terminals and servers across a global retail network.