Point of Sale (POS) systems are notoriously easy to hack. Hardly a month goes by that we don’t hear of some vendor or another having had their POS system breached, exposing customer credit card and other personal data.
It’s always the same story. X numbers of users are impacted, notified and told to watch their credit cards for signs of suspicious activity. In that regard, POS attacks have been kind of a “one trick pony” for a very long time.
That’s changing, however.
There’s a new type of POS attack that’s been detected recently, and it’s both frustrating and difficult to spot.
The new attack vector doesn’t seek to harvest payment data, but rather, to change the prices of the products being sold.
There are essentially two ways a hacker could use this to his advantage. First, he could modestly raise the price on a given item such that at a glance, busy webmasters might not notice the slight increase.
The difference could simply be quietly swept into the hackers’ bank account and the vendor would be none the wiser.
The much more damaging approach could be that the hacker simply creates a custom promo code that allows him to, say, purchase a new X-Box for a dollar.
Imagine how devastating this would be to a company’s bottom line if their flagship product started selling online for a buck, and nobody caught it for a week, a month or more.
That’s exactly the kind of thing hackers can do with the new attack vector.
If you’re in the business of selling to consumers online, be on your guard against this. Your own pricing data isn’t something you’ve had to double check historically, but now, failing to do so could result in a catastrophic loss.