In 2011, hackers stole thousands of credit card numbers from the point of sale systems in pizzerias across the United States. This June, another major breach targeted customers of a national casual dining chain. Just last week, the Delaware Restaurant Association warned merchants of the cause of a series of attacks on restaurants in that region, and the first news of a breach at a national quick-service chain hit the wires.
The common threat?
Remote access software—the tools typically used for point of sale technical support, and sometimes by restaurant operators to manage menus or reporting off-site.
In 2012, Trustwave reported in its Global Security Report that remote access software was by far the most common point of attack used by hackers against restaurants. That hasn’t changed.
When franchisees from three national pizza chains and a number of independent pizzerias experienced credit card thefts, the point of breach was their POS vendor’s remote access support software. What these restaurants had in common was that they were all using the POS vendor’s default password—but the same vulnerability may exist with this type of remote access software even if you change your password.
How many people in your business know the password? Is it written down somewhere? What is the chance of a disgruntled employee using it, or selling it?
In last month’s reported attack on restaurants throughout the Northeast, hackers gained access to the POS vendor’s LogMeIn remote access credentials (possibly through an employee).
Once hackers have legitimate credentials for the remote access system, they can pose as a legit support technician and potentially gain direct access to remote systems available to that account. From there, experienced hackers may know how to use malware and other tactics to navigate from that individual system to the rest of the restaurant and corporate networks. This puts the entire company at risk of a catastrophic data breach.
In fact, the US government released an alert July 31, 2014 to warn merchants of newly-identified family of malware called “Backoff” that steals payment card information from businesses by exploiting weaknesses in the remote desktop software they use with their POS systems. Backoff is not currently detected by most anti-virus software, and has been responsible for several POS data breaches in the past year.
So how do you protect yourself?
As you know, there are many considerations in security and PCI compliance—but given the demonstrated threat of breach via remote access, that seems like a good place to begin. What software does your POS vendor uses to access and support your POS systems and network?
If your POS provider can access your POS system without you initiating the connection—or if you use a remote access solution yourself for reporting or menu management—you could be putting your guest data at risk.
At SpeedLine, we recognized this risk early and invested in replacing our older remote access software with a fully PCI DSS compliant remote access solution.
Unlike most remote support applications, SpeedLine LiveAssist uses a unique, appliance-based remote support solution. A security-hardened appliance at the heart of this solution ensures that data or system access is never passed through a third party.
SpeedLine LiveAssist establishes a secure, encrypted connection between the SpeedLine POS network in your store and SpeedLine Support to keep your POS network secure. It is fully compliant with PCI DSS requirements: you initiate the connection from the store, and once you end the session, SpeedLine no longer has access to your computer.
No third party ever has access. And that’s the key.
Posted on Thu, Aug 07, 2014 @ 10:08 AM.
Updated on April 25, 2019 @ 3:04 PM PST.
Posted by Jennifer Wiebe
An occasional contributor to On Point, Jennifer led the marketing team at SpeedLine from 2002 to 2018. She loves books, yoga, playing at the beach, and commenting on bad TV with her family.| Author's website