Commercial Security Scanning: Point-on-Sale (POS) Vulnerability and Mitigation Techniques

Title: Commercial Security Scanning: Point-on-Sale (POS) Vulnerability and Mitigation Techniques
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Sassani Sarrafpour, Bahman A., Del Pilar Soria Choque, Rosario, Mitchell Paul, Blake, Mehdipour, Farhad
Conference Name: 2019 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech)
Date Published: Aug
Keywords: Autonomic Security, Business, cash flow, cloud-based POS, commercial security scanning, composability, confidential customer payment information, cyber-attacks, cybersecurity, expense management, financial data processing, Human Errors, Industries, labor reporting, mitigation techniques, on-premise POS, Payment Card Industry Data Security Standard, Payment Card Industry Data Security Standard (PCI DSS), PCI DSS, penetration attacks, Point of Sale (POS), point-on-sale vulnerability, POS system, price adjustment, pubcrawl, Resiliency, Sale systems, security, security measures, security of data, Servers, Standards, Testing, wireless networks
Abstract: Point of Sale (POS) systems have become the technology of choice for most businesses, offering a number of advantages over traditional cash registers. They manage staff, customers, transactions, inventory, sales and labor reporting, price adjustment, as well as keeping track of cash flow, expense management, reducing human errors and more. Whether traditional on-premise POS or Cloud-Based POS, they help businesses to run more efficiently. However, despite all these advantages, POS systems are becoming targets of a number of cyber-attacks. Security of a POS system is a key requirement of the Payment Card Industry Data Security Standard (PCI DSS). This paper undertakes research into the PCI DSS and its accompanying standards, in an attempt to break or bypass security measures using varying degrees of vulnerability and penetration attacks in a methodological format. The resounding goal of this experimentation is to achieve a basis from which attacks can be made against a realistic networking environment from whence an intruder can bypass security measures, thus exposing a vulnerability in the PCI DSS and potentially exposing confidential customer payment information.
DOI: 10.1109/DASC/PiCom/CBDCom/CyberSciTech.2019.00099
Citation Key: sassani_sarrafpour_commercial_2019