Machines Parts
 |
 RMI 8050 Coffee Vending Machine Not Working For Parts or Rebuild  US $75.00
|
 VORTEX COINCO COIN MECH VENDING MACHINE PART US $65.00
|
 AP 110 snack vending machine control board part 360165 US $64.75
|
 USI Coffee vending machine parts US $10.00
|
 CANDY GUMBALL DOUBLE BRACKET Vending machine parts Metal US $45.00
|
 NORTHWESTERN Curtis Gabriel GUMBALL CANDY VENDING MACHINE BODY parts US $9.99
|
 GUMBALL CANDY NUT VENDING MACHINE PART Northwestern Curtis Gabriel AA US $.99
|
PCI Compliance for POS Systems: Dealing With The Difficult Part
Point of Sale (POS) Equipment: Securing Your POS
In credit card commercials, although they show us a couple of happy shoppers swiping their credit cards as they go on a shopping spree and enjoying the convenience of a cashless society, they do not point out the very real threat of identify theft at the cash register.
Monica Chauhan, director of embedded solutions for Solidcore (www.solidcore.com), a leading provider of real-time change control software, cites Gartner Group statistics showing that four out of five data breaches occur at POS (point-of-sale) systems.
Locking it Down
Chauhan says that if these POS systems aren't properly locked down, they can be vulnerable to attacks. “For decades, embedded devices consisted of specialized hardware running proprietary software, but in recent times, there has been a shift towards standardization, such as Unified Point of Sale (UPoS) in the retail industry.”
Chauhan observed that this standardization has enabled devices to become increasingly interconnected , allowing the use of off-the-shelf software on commoditized hardware running commercial or open operating systems (OS) like Windows XP Embedded, WEPOS (Windows Embedded for Point of Service), and also Linux.
According to Chauhan, greater system flexibility and quicker development time has created security risks for POS equipment owners.
These Are Vulnerable Systems
Robert J. McCullen, chairman and CEO of Trustwave (www.trustwave.com), a security firm that specializes in information security and compliance management solutions, agreed to Chauhan that there are many, but not all, POS systems that are susceptible to attacks.
McCullen says, a little dial-up swipe machine has a low risk, but devices that are computer-based and/or have Internet access (the peril lies in those two prime factors) devices are more prone to attacks.
If a POS system stores credit card track data, exploitation can occur, and swipe terminals can be tampered, according to McCullen.
“Generally, hardware swipe terminals have low exploit risk, rather a higher risk of tampering, and thus the tampering will allow hackers to read the cards, whether through a Bluetooth device used later to get the card data or other efforts to retrieve the information,” McCullen explains.
As Chauhan pointed out other vulnerabilities, she says that because today our POS systems are similar to networked PCs, it requires constant patching. Chauhan says embedded systems have also become susceptible to attack through changes that are unauthorized and inappropriate as they are handed off to others in the distribution channel. With these, equipments often results to malfunctions and/or can cause the equipment to no longer meet PCI DSS (PCI Data Security Standard) requirements.
PCI DSS Challenges
Chauhan and McCullen both agreed that POS equipment is faced with unique challenges with its PCI DSS compliance.
Chauhan says that in the PCI DSS requirement 5, it states that antivirus software must be used and updated regularly. An ativirus software can be a very high overhead expense on a low-footprint POS system, she even notes; however, change control software can eliminate the need for antivirus software.
For example, Chauhan explains that NEC Infrontia installed change control software on its POS offerings and thus prevented unauthorized code from breaking unpatched systems. It allowed NEC Infrontia to remove the antivirus software that was impacting the performance of its devices, according to Chauhan.
The the PCI DSS Requirement 6, develop and maintain secure systems and applications. It also presents unique challenges, as Chauhan noted.
It will be tough for POS equipment providers in ensuring that their systems supplies the PCI compliance after the equipments are shipped through the dealer network and put into production.
Though embedding Solidcore change control in its systems, StoreNext (www.storenext.com) - a large supplier of technology and POS systems for independent grocers and small chains - have solved their PCI DSS Requirement 6 patching problems.
“In addition, StoreNext was able to reduce the amount of time spent on monthly test and patch distribution cycles by reducing its patch frequency to quarterly,” Chauhan states. The PCI auditing requirement can be met through change control software, claimed Chauhan.
Other challenging areas include data encryption and user-based access controls, McCullen states.
Want To Ask A Point of Sale (POS) Specialist?
If you would like to know more about this topic or have a question in mind, you may ask for advice with our Restaurant Point of Sale
professional serving your area.
The author of this article is the Vice President of Customer Relations at www.POS-For-Restaurants.com with over 20 years experience in the restaurant point of sale industry.
Has anyone ever tried to shoot you because you made them a bomb out of old pinball machine parts?
Libyans and there damn plutonium 
How To Tattoo Video - Tattooing Basics on a tattoo machine
You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.
Comments are closed.