The Target POS breach continues to stay in the headlines and the latest development may have pinpointed how the criminals were able to gain access to the company's network in the first place.
According to an article from KrebsOnSecurity, the problem can be traced to Fazio Mechanical Services, a refrigeration and HVAC service that works with companies like Target. The report states that the third party vendor had remote access to Target's network to be able to manage and monitor various systems.
However, that access was connected to the point of sale system. Hackers were able to breach the network through Fazio and move around undetected. Once inside, they were able to upload malware to the cash register systems and start stealing customer information.
The question becomes, why does a third party vendor have access to a part of Target's network that included the POS system and why is it not cordoned off. One cyber security expert for a retailer that asked not to be named gave his opinion.
"It is common for large retail operations to have a team that routinely monitors energy consumption and temperatures in stores to save on costs (particularly at night) and to alert store managers if temperatures in the stores fluctuate outside of an acceptable range that could prevent customers from shopping at the store," the expert said in the article.
POS security is complex, but with the help of a reliable retail service provider, any organization can take the steps to ensure card processing software and POS solutions remain safe.