According to a report by NetworkWorld, most point-of-sale systems rely on a scaled-down version of Windows XP, which means retailers could be in trouble when Microsoft stops supporting the OS this spring. Point-of-sale systems are the software that runs cash registers and credit card terminals for retailers.
Starting in April, Microsoft will no longer issue patches and security upgrades for XP users. The timing couldn't be worse. In the last two months, we've seen an onslaught of attacks on POS systems. Hackers have stolen millions of customers' data from Target, Neiman Marcus, and other retailers by targeting the POS systems.
Reuters reports that the FBI has already issued a warning directly to retailers that POS hacks are going to become more common in the next few months. (For more information on these breaches, check out “Security Recommendations for Technology Businesses with Retail Clients” on our blog.)
Hackers attack POS systems for a variety of reasons:
- The systems allow immediate access to financial information (credit card / debit card numbers, PINs, etc.).
- It's easy to embed software that will collect this information over time (sometimes for months), store it, and dump it online all at once for hackers to download.
- POS systems run on Windows XP, which makes them vulnerable to the same malware as consumer computers.
How This Will Affect Small Businesses and Their IT Consultants
An IT contractor working with small business retailers should warn clients about the potential security threats their POS system will face. Using unsupported software is a recipe for disaster. It would be like trying to drive across the country in an old car you can't get parts for. If something breaks, you're out of luck.
Without security patches, Windows XP will become extremely susceptible to hackers. IT consultants need to advise their clients that they are likely to see more data breaches in the future if they don't upgrade to a new POS system.
(For more about the importance of software upgrades, see "Software Patches: the Good, the Bad, the Liability.")
Retail Hacks Could Lead to More Lawsuits in the Future
After a data breach, banks often voluntarily replace credit cards that might have been affected. The problem is that this is expensive, especially for major data breaches. Credit cards cost $10 each to replace, which means that banks have paid almost $174 million already just to cover customers affected by the Target data breach.
BankInfoSecurity.com reports that the Consumer Bankers Association (CBA) is fed up with paying for retailer data breaches. The organization has lobbied for new laws that would require companies like Target to pay for the cost of replacing its customers' credit cards.
The CBA is especially concerned because hacks are becoming more common and hackers are becoming better at using stolen data to commit identity theft. Combine the current data security climate with Microsoft's decision not to support the most popular POS software, and you can see why retailers could be headed toward more data breaches and more lawsuits.
How Can IT Professionals Cover Their Data Breach Liability?
As Microsoft stops supporting Windows XP, IT professionals need to take proactive steps to reduce their data breach liability:
- Keep abreast of IT and info security news.
- Inform customers about the dangers of using old software.
- Convince customers to update to new POS systems.
- Invest in business insurance to protect your business from client data breach lawsuits.
If a client is hacked, you can be sued for the damages to their reputation, the loss of their profits, and the expenses to repair the breach and protect their customers from identity theft. In these situations, E and O Insurance covers your data breach lawsuits. For a free insurance quote, fill out our online insurance application.