VISA just released this Security Alert.  It affects everyone who uses a Point-of-Sale (POS) terminal to accept credit card payments.  If you use that small device by your register to slide cards in order to accept payment you may be at risk.

VISA has identified malicious code that can allow hackers to gain access to the credit card information you are receiving through these POS terminals.  Some of the service providers who maintain these devices are not following good security practices and it is through these providers that the hackers are gaining access.  At Alvaka Networks we use secure tools whenever logging into devices.  The tool we use for this purpose is password protected, we don’t use the default password and it encrypts all the data when transmitted.  Since Alvaka Networks does not service these devices we are not a potential for risk, but I point out some of the security measures we employ when doing similar functions on other devices.  I point this out, because VISA in this Security Alert points out that the providers who have been compromised broke all or almost all of the measures we require at Alvaka Networks.

If you use one of these providers you should be asking them:

1.       Do you access our POS terminals remotely?

2.       If yes, what tool do you use? (If it is something like VNC it is not very secure)

3.       Are you using default passwords on your remote control tools?

4.       Do you encrypt all the data you handle in the remote service session?

5.       Tell me about your patching, antispyware and antivirus practices you maintain in the management of security in your own network to limit the opportunity for key-logging and other methods that can capture sensitive information?

If you are uncomfortable or uncertain about how to interview your POS service provider about these questions, Alvaka Networks is happy to do this for you.  If you want help doing this please call me at 949 428-5005 or e-mail oli@alvaka.net.

Secure regards,

Oli Thordarson