Is encryption actually making point-of-sale systems less secure? According to the 2015 Dell Security Annual Threat Report hackers might be using encryption to their own advantage, and therefore decreasing its security value.
Over the years more companies have begun to adopt encryption as a part of their security protocol, for good reason. The HTTPS protocol encrypts, or scrambles, information being shared to avoid it being used by malicious entities. Companies selling goods or services online have used HTTPS for some time now due to the use of credit cards on their websites, but sites like Google, Facebook and Twitter are also adopting the practice due to growing user demand.
Dell reports a 109 percent increase in the volume of HTTPS web connections from 2014 to 2015, while the number of connections grew from 382 billion in January 2015 to 437 billion in March 2015.
However, it seems that hackers are making use of the same security that users take comfort.
Dell gives the example of a hacker that was able to distribute malware to 27,000 Europeans per hour over a four day period, by infecting a group of banner advertisements on Yahoo's news site. The website was encrypted, which means that the malware was able to scramble itself and pass undetected through user firewalls.
While many companies suffer POS malware breaches due to a lack of encryption, Dell states in its report that in 2014, "More companies were exposed to attackers hiding in plain sight as a result of SSL/TLS encrypted traffic."
Dell advises that organizations protect against this threat by implementing SSL inspection for encrypted traffic. Companies should make sure to keep their credit card payment software up-to-date to ensure continued protection for customers.