Cyber thieves target shoppers at retail point of sale terminals

A cashier swipes a credit card. There are about 17,015 point of sale (PoS) machines in Kenya. PHOTO | FILE

What you need to know:

  • Point-of-sale (PoS) terminals ‘provide’ reliable data to criminals, according to The 2016 Data Breach Investigation report by Verizon Enterprise.
  • The pay points are used to mine information from customers’ Automatic Teller Machine (ATM) cards, making them an easy target for cyber criminals.

Pay points are the latest targets for data theft and fraud, a cyber-security summit was told Thursday in Tanzania.

The Africa Security Summit in Dar es Salaam heard that point-of-sale (PoS) terminals ‘provide’ reliable data to criminals, according to The 2016 Data Breach Investigation report by Verizon Enterprise.

African countries covered in the report include Kenya, Egypt and South Africa. The pay points are used to mine information from customers’ Automatic Teller Machine (ATM) cards, making them an easy target for cyber criminals.

Shoppers mainly use cards at retail outlets such as supermarkets, petrol stations and hotels. Statistics show that there are about 17,015 point of sale (PoS) machines in Kenya, translating into one PoS serving about 2,350 customers.

The country however has 24.9 million mobile money users who transact across six platforms — M-Pesa, MobiKash, Airtel Money, yuCash, Orange Money and Tangaza — backed by a network of more than 121,000 agents.

Fraud is mainly preventable if PoS security systems are tightened and more cyber security personnel are trained and deployed, experts said. 
Africa Currently has about 3,500 cybercrime personnel far short of the increasing cases of online theft.

READ: No reports of identity theft with new chip-and-pin cards

William Makatiani, the chief executive officer of Serianu, a local IT firm, said that building a database security strategy should be the first step for a company.

“It is surprising, then, that businesses don’t prioritise investment in protecting their databases. Even if an organisation’s perimeter is breached, by placing security controls around sensitive data, detecting and preventing SQL injection attacks (where a malicious code is injected), monitoring database activity, encrypting data at rest and in transit, redacting sensitive application data, and masking non-production databases, organisations can reduce the risk of data exfiltration,” he said.

Employees still pose the biggest challenge in cyber security even as companies continue investing billions of dollars in ensuring data security.

According to the Verizon report, over 75 per cent of cyber-attacks in the East African region are caused by insiders, mostly disgruntled employees. Companies were urged to make encryption a priority in protecting IT systems.

“This proactive approach (encryption) is fundamental to spotting and neutralising these threats before they have a significant impact on company data,” said Oracle’s Senior Vice President for Africa Janusz Naklicki.

PAYE Tax Calculator

Note: The results are not exact but very close to the actual.

Get it First!

Stay up to date on the editors' picks of the week.

Latest

  1. Standoff as community fights to buy Lipton Tea assets

  2. Safaricom boost as Ethiopia slashes termination charges

In the headlines

View All