There are many reasons for users of POS card processing software to be wary when it comes to potential abuse of their systems, and at this point most are probably aware of outside threats by thieves and scammers looking to steal customer information. However, sometimes the problem can lurk both without and within the system itself. BankInfoSecurity has reported that a recent case in Kentucky has seen important account information revealed to the public. Though this is reportedly due to a strain of malware, the root cause also appears to have been a gap in the software's security measures.
Although this was a local occurrence primarily reported to have affected vendors and cardholders in the Louisville area, authorities noted that this kind of malware is not necessarily limited to the area. All establishments that process card payments have reason to investigate the potential for abuse that lies within their own systems. It's a further example of what Republic Bank and Trust's Marjorie Meadors says is a continuing trend of merchants not being kept in the loop when it comes to updates for their software.
"What we've seen happen on at least two other occasions is that the software company puts out an alert about an upgrade or patch that is needed," she said. "But the reseller does not pass along the information to the merchants."
The compromises appear to have mainly targeted credit cards as opposed to debit.
This only goes to further emphasize the importance of proper interaction between a seller and the supplier of their software. By taking care to select credit card processors that are trusted and come from sources that value communication, it's possible that operators can take further steps towards reducing levels of fraud.