Bird of Prey: Mobile Point-of-Sale Terminals Are Vulnerable to Hackers

iPhone POS Mobile payment

iPhone POS Mobile payment

Mobile point-of-sale terminals or devices (also referred to simply as MPOS) make it possible for businesses to accept payments from their smartphones or tablets. Not only does this convenient option allow entrepreneurs to run their operations without buying heavy and expensive cash registers, it is also a major boon for people working in mobile businesses like taxi service or food delivery, where remote payments are the name of the game.

Unfortunately, the convenience of mobile point-of-sale terminals doesn’t equate to safety and security, and an MPOS can easily be hacked and customer payment information stolen, including card numbers, PIN information, and more. That was proved recently by researchers from the data security firm MWR Labs, who created a program called “Chippy Pin” to prove just how easily a mobile payment system could be compromised.

Chippy Pin itself was a bit of a joke, a simplified version of the popular “Flappy Bird” mobile game that could be played using MPOS payment terminals. At first glance, MWR Labs’ ability to upload a pixelated game to a payment terminal doesn’t seem like that big of a deal. After all, what’s the harm in playing a game like “Flappy Bird” – which requires players to navigate a small bird through narrow openings in walls – on an MPOS? If so many players use the game on their mobile devices, what is wrong with playing the game on a payment gadget that attaches to said mobile devices?

The problem, though, isn’t the game itself, but the ease with which MWR Labs representatives were able to upload it into the framework of an MPOS payment terminal. It goes without saying than an MPOS is not designed to play a challenging mobile game. Mobile point-of-sale systems have one main application, and that is to register customer card payments just like a cash register would.

But the ability of MWR Labs to upload their simplified “Flappy Bird” application to an MPOS – using various covert methods like USB, Bluetooth, and even “smart” cards to get the game’s code into the terminal system – shows hitherto unexplored vulnerabilities with the MPOS concept. If data security experts can manipulate an MPOS to the point where it plays a game that it was never designed to play, then it’s frightening to think of the ways in which a malicious hacker could take advantage of the same vulnerabilities.

With the right attack method, a hacker could take full control of an MPOS payment terminal, stealing payment information, fooling the terminal into thinking a payment has cleared when it hasn’t, or perhaps even redirecting payments to an anonymous account. The implications are varied and scary, and they’re enough to give every customer and business pause over the use of mobile point-of-sale devices.

5 Tips to Put the Spring Back Into Your POS

POS Tips

POS Tips

In sales merchandising, the term “point of sale” (POS) refers the place where the sales are made – a store or restaurant checkout area is a point of sale, for example. A lot more goes on at the POS than finalizing transactions, from last-minute sales of small items to rewards program signups, credit card applications, inventory control, and more. This range of functionality is offered for a reason, so be sure you’re taking advantage of everything your POS system has to offer.

1. Offering a customer reward program is often an effective way to increase point of sale numbers. Customer rewards programs may offer discounts, coupons, or even free gifts for customers on their birthdays. The best customer rewards programs also encourage repeat business, often through the use of points systems.

2. One of the best things your POS offers is the ability to log every item in your store and build a solid and accurate inventory system. Ensure that the inventory system offered with your POS is up-to-date and that, no matter how big or small your operation, you’re keeping track of merchandise. This will help with everything from ordering to loss prevention.

3. Both old and newer POS systems can lose some of their functionality, whether it’s a busted pay screen, a sticky keyboard, or a broken mouse. Every so often perform a routine checkup of all the pieces of equipment attached to the POS system, from the software itself to hardware such as scanners, and take steps to replace items as needed. Even minor boosts in a POS system’s functionality can provide much faster and more efficient POS operations.

4. Know what you need in a POS system, and implement exactly that – nothing more and nothing less. Restaurants might not need scanners or the advanced inventory systems that retail operations do and can probably do away with a lot of extraneous hardware. On the other hand, a store that wants to build a strong rewards program will need more than what some basic POS systems have to offer. It’s a good idea for any business to take stock of their needs every so often and rework their POS accordingly.

5. Security is a huge concern for both you and your customers, so always be sure that you are offering only the best security possible with your POS system. Remember that security systems need updating over time, whether it’s because of new methods of payment or vulnerabilities that arise in existing systems. Offering the highest level of security possible will protect your business in many ways.

There are POS systems available to fit virtually every business, and in many cases, POS systems can be customized to fit your needs if they may vary from the norm. Be sure to explore all your options. After all, the POS is the heart of your business and the source of your profits.

Tags: #POSTips #PointofSale