Preventing point-of-sale system intrusions
Smith, David C.
MetadataShow full item record
Several major United States retailers have suffered large-scale thefts of payment card information as the result of intrusions against point-of-sale systems (smart cash registers). Point-of-sale attacks present a growing threat and can constitute a homeland-security problem due to a trans-national cyber crime element. This thesis presents results of a survey of point-of-sale intrusions that reached at least the start of criminal investigation. The survey showed that attacks were generally quite simple, and predominantly involved guessing passwords and subsequent installation of keyboard loggers. That suggests that countermeasures can be relatively simple although they must overcome organizational inertia. Our analysis leads to several recommendations to improve point-of-sale system security.
Approved for public release; distribution is unlimited