Remote access tools are an extremely convenient and efficient way to solve technical issues for merchants who are in a bind tamiflu 75 mg. They are fast and cost-effective and have become the preferred method of service by many modern IT companies. However, as more of these tools come to market and integrate deeper with merchant technology, security vulnerabilities are created that can be exploited with malicious intent. Last month, Visa issued a report warning merchants, merchant technology providers and acquirers of a new influx of security threats that have been associated with unauthorized access to Point-of-Sale (POS) systems via POS integrators.
POS integrators utilize tools like LogMeIn, PCAnywhere and Microsoft Remote Desktop to provide IT support and ongoing maintenance to POS software and hardware through temporary remote connections. When properly secured, remote access tools like LogMeIn pose little threat to merchants. However, if used carelessly, cyber criminals can gain access to a wealth of information – including sensitive payment card data.
When a remote connection is set up improperly and does not comply with the Payment Card Industry Data Security Standard (PCI DSS), cyber criminals can establish connections that are used to steal login credentials, capture audio and video, and can even record keystrokes from the affected system. Most recently, attacks have been phishing campaigns in the form of fraudulent LogMeIn emails designed to steal sensitive log in information and access various merchant networks. The emails will typically contain a link or downloadable file that triggers the malware which can then connect the POS to an overseas server that will download additional malware, disable anti-virus applications and grant free access to the desired data.
There are a few common mistakes that merchants and POS integrators should avoid in order to maintain the integrity of their network:
Understanding these risks, Boomtown takes the security of our partners and merchants very seriously, and have mitigated this risk through the core design principles of our product. The most important of which is that video chat via the mobile app and onsite dispatch are the only sources of support for POS hardware and software. This prevents any remote connections directly into the POS and safeguards the merchant from any potentially harmful attacks. Also, seeing that there are no remote connections into the merchant POS systems, Boomtown does not have access to, or store any PCI data. Lastly, Boomtown has no access to personally identifiable information (PII) and therefore prevents any personal merchant data from being accessed or exploited.
It’s imperative that POS integrators and merchants adhere to PCI DSS guidelines and protect their sensitive data from hackers. If you have any questions about Boomtown or how to ensure PCI DSS compliance, download the Boomtown app and talk to one of our support engineers.
Sign up to receive one monthly email with only our most popular articles.