Analysis of POS and mPOS security
POS devices are the conventional equipment for sales outlets, but their owners rarely think about their security. These devices are often thought of as a "thing-in-itself", indivisible and beyond the reach of analysis and modification.
However, POS devices are quite standard systems that criminals may hack quite easily. Our experience shows that the payment infrastructure may have gaps even if it was implemented in accordance with PCI DSS standards. That allows criminals to organize the leakage of payment card data and cause direct losses to all participants in the payment flow.
We will help you assess the real security of payment points, which may be compromised even in systems that are perfect "on paper".
mPOS devices are a small enterprise’s best friend and security’s worst enemy. Our analysis of transaction devices connected to mobile phones shows that selecting safe hardware is a difficult task, inextricably linked to an audit.
A timely audit meant that we were able to prevent one of Russia’s largest banks from buying poor-quality, vulnerable devices. We are able to give advice on choosing such devices, even without interfering with the hardware and software system.
A POS device is not a "thing-in-itself", but part of a system that includes a standard PC with all its accompanying vulnerabilities.
Bad mPOS devices may compromise even protected payment software. Along with under-protected applications, they are a very easy target for attackers.
Do not buy card readers that connect via audio jacks – they are extremely vulnerable.
For a more thorough examination of vulnerabilities, we can conduct a source code audit for POS applications.