If you’ve gone shopping with a credit card, you’ve used a Point of Sale (POS) System. While we might only associate online shopping with potential risks to our bank account, in-person shopping with a credit card can also put you at risk.
This is because POS systems are common targets for data breaches, resulting many millions of credit card details becoming compromised each year. Even the largest and most trusted retailers, for example Target, Home Depot, McDonalds and countless others, have fallen prey to these attacks. So, how does a POS breach take place? Read on to find out.
Put simply: every payment terminal is connected to a computer. Generally, these computers are running Windows, and are thus vulnerable to the very same security problems we can face at home. (But don’t get complacent, Mac users!)
When the POS system communicates with the bank to process your payment, your card details are stored unencrypted for processing purposes. Special Point of Sale malware is written to steal this unencrypted information on POS-connected machines.
It’s sadly not possible to control whether we’re affected by such a breach, and such attacks can happen to the best of us. Short of cutting up your credit card entirely and never going shopping again, what can you do if you’re affected by a POS breach?
1) In the event of a breach, do your research
When you learn that a store you’ve shopped at has been breached, look into what sort information has been stolen.
There are many types of data breaches, and a POS breach might not just involve your credit card. Your user account, email or password can also be implicated, and even more worryingly, a customer database breach can even include your address or phone number.
So in addition to getting your credit card cancelled, you might also need to completely change the passwords on your accounts after a breach. In the case of sensitive personal information, you might even need to look at legal options.
2) Read the newsletters##
If you regularly receive newsletters from a retailer you shop with, don’t send them straight to the spam folder.
Customer newsletters and mailouts will often be the first time you’ll hear about a breach, including which information was compromised.
Additionally, these mailouts will include advice on what affected customers should do. The quicker you get this information, the better!
3) Think long-term##
Leaked information from POS data breaches might not be used straight away, so it’s important to keep monitoring your accounts for a few months after you learn you’ve been involved in a data breach.
Just because you haven’t spotted any fraudulent activity on your card directly after a breach, doesn’t necessarily mean your details heaven’t been compromised!
4) Keep an eye on the news##
Unfortunately, in some cases breached companies might not be the first to let you know the bad news.
In this case, you might hear it first through an Internet security news outlet, or via social media.
(Protip: we aggregate the latest security news on our Facebook, Twitter and LinkedIn feeds, so follow us for up-to-the-minute info on the latest breaches).