Industry claims that systems affected by Dexter point of sale (POS) malware attacks in South Africa’s biggest fast food chains and restaurants are clean and that consumers have nothing to worry about are unfounded.
This is according to Wayne Olsen, chief technology officer at SecureData Africa, who says: “Consumers should be concerned. It is a well-known fact that over the festive season there is a marked increase in malware
and virus attacks for financial reward.
“While the latest spate of malware attacks focused on larger retailers and chains, it is the smaller guys that should be the most concerned.”
Olsen believes that, now that the latest variant of this particular malware has been identified and cleaned off high-profile retailers, it is the smaller retailers that will be the next and unfortunately often easy target.
“They should not under any circumstance be lulled into a false sense of security,” he adds.
He emphasises the importance of educating smaller retailers to have the basics in place when it comes to securing their technology and particularly their POS terminal which in most cases is a Windows desktop or
laptop.
“Having the latest anti-virus software means absolutely nothing if the operating system it is sitting on is not up-to-date. In addition to regularly updating the anti-virus software, retailers need to ensure that the operating
system on their POS terminal regularly has its patches updated. Patches in effect act as a plaster plugging any holes in the software,” he adds.
Olsen says WiFi networks pose another huge threat.
“Many POS terminals operate on the same WiFi network as that used by staff and customers. This means that anyone can infect or hack into it. Segmentation of
the network is vital to ensuring a secure POS terminal,” he explains.
Also worrying, says Olsen, is the fact that many small retailers leave their POS terminals unattended.
“Making the POS terminal easily accessible to the general public puts the business at huge risk. Here again staff need to be educated as to possible risks so that they can be aware of and respond to suspicious
activity.
“Making it easy for someone to tamper with the credit/debit card reader or stick a malware-laden USB driver into the POS box should be avoided at all costs. It is also not advisable to make the POS terminal available to staff for Internet and e-mail access.”
Olsen reiterates that it comes down to the ensuring that the basics are in place.
“Unfortunately no technology can ever truly be one hundred percent secure. If perpetrators want to gain access, they will find a way sooner or later. You just need to ensure you don’t make it easy for them.”