Is PoS Terminal a Threat to Customers’ Security?

One of the mind blowing innovations ever is the technology behind the Point of Sale (POS). This innovation is already taking a frenetic pace in Nigeria,as a result of the ambitious move of by the Central Bank of Nigeria to adopt a cashless system.

“With the introduction of the Cash-Less Nigeria Project and the release of the Guidelines on PoS Card Acceptance Services, the CBN outlined the Merchant Service Charge (MSC) and the modalities for its operation in the payments system.

This had enhanced the issuance and utilization of cards transaction in the country and brought structure to the compensatory mechanism for parties involved in the transaction,” Dipo Fatokun, Director, Banking, and Payment System Department (BPSD), CBN.

Many Nigerians are finding it convenient to make payments through the POS as many retail stores now provide the technology to reduce the security threats caused by the physical cash.

The PoS technology is probably becoming a bit indispensable for retailers who own supermarkets and big stores because they will hardly function if POS systems to process customers’ transactions are not there.

Despite been one of the most vulnerable and targeted destinations by hackers, PoS terminal is now a critical element of retailing recording significant increase in the number of transactions.

“Transactions on the PoS recorded an increment of 62% in 2016 to 33,720.93 transactions carried out in 2015,”Nigeria Inter-Bank Settlement System (NIBSS) said in a report.

The report from NIBSS shows that the total of ₦651.38 billion worth of transactions was conducted out through the PoS from January to November 2016. In reality, only ₦448.52 billion worth of the operations were carried out via the PoS in 2015.

Obviously, these transactions are usually prone to security vulnerabilities which retailer or customer should be aware of; it sounds good and innovative to pay for something without giving out money.

The convenience alone associated with this technology has made it a second option to dip hands into the wallet and make payments. However, it is imperative to note that online criminals are not sleeping at all; they have been working hard to steal your information.

Security Risks and Recommendations

According to 2016, Verizon Data Breach Investigation Report (DBIR) found that PoS breaches were amongst the commonest methods of attack accounting for 534 incidents.

Cyber criminals usually adopt different techniques such as phishing to gain access to retailers or customers’ network via a POS malware, after which they immediately start scraping the card to steal your data.

Apparently, if the network of your operates on a default credential, it means the network is incredibly and could render the PoS vulnerable. If there is any form of vulnerability on the PoS, hackers would be happy to launch their attacks. That is why it is imperative always to change the default password and ensure two-factor authentications as part of the security measures.

Another factor that could heighten the chances of getting attacked is when the installation of the PoS software is not done properly. A retailer or an organization should be seeking the services of a certified technician who can install PoS software beyond the default boxes. However, if you are relying on your abilities are not guaranteed, seek for certified technicians.

In the same vein, poor security policies are practical situations of vendor driven vulnerabilities and may account for of POS attacks, according to data.

Cyber risk expert Booz Allen Hamilton in his research states that the management practices and volume of vendors as two reasons that multiple data breaches happen through external vendors.

“A lot of effort is put into setting up the initial relationship…but, there is no provision for monitoring how or if that changes,” adds Drew Wilkinson, senior associate, and cyber risk expert.

The United States Computer Emergency Readiness Team (US CERT) recommends exercising complete control the IT environment by limiting internet access to POS terminals, as this would thwart users from revealing confidential data online while limiting the remote access to POS systems.

It has been emphasized that cyber attackers could phish authorizations for the remote desktop tools that give them complete control access to POS systems from any location.

“Installing firewalls and antivirus is imperative as many variants of malicious software and attacks often bypass antivirus detection.”


Attacks on PoS are realities that we must start to embrace and the retailers are in a better position to protect the customers by ensuring that the safeties of the PoS terminals are ensured.