In the wake of the Target and Neiman Marcus data breaches, Cisco suggests encryption at the point-of-sale terminal. In a blog post this week, Cisco's Threat Research Analysis & Communications (TRAC) team advises retailers on how they can detect future payment card compromises and shorten the remediation window for such attacks.
The TRAC team zeroes in on hardware encryption devices at the POS terminal. The payment card data attacks on Target and other retailers are possible because the POS payment system includes third-party software installed on the terminal, Cisco says.
The payment card data is susceptible to interception in memory before the encryption process and transmission across the network.
"Attacks on point of sale (POS) terminals and payment card networks are the most efficient way for criminals to steal track data and (often) associated PINs in bulk."
The Cisco blog notes that this is enhanced by American companies' continued use of magnetic stripe payment cards. Indeed, it states that the US remains one of the few first-world countries still using magnetic stripe payment gathering.
As use of these cards will likely continue, the Cisco blog asserts that attempting to profile memory scrapes from previous attacks, like the one that victimized Target, may be of little use since they were modified or customized for the specific attack. They probably haven't been seen before.
So in addition to POS encryption, Cisco recommends NetFlow analytics and Lancope's StealthWatch Management Console on the POS terminal to generate alerts and indicators of compromise based on flow sessions and behavioral baselines. Cisco also recommends application and change process detection, and an approved list of compression tools.
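As an added illustration of alerting on flow sessions against a behavioral baseline (this is not code from Cisco, Lancope or the article), the sketch below learns which peers each POS terminal normally talks to and how much it sends, then flags flows that break the pattern. The flow tuple layout, the addresses and the thresholds are all assumptions made for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flows (src, dst, dst_port, bytes_out); addresses are
# documentation/private ranges, not values from the article.
BASELINE_FLOWS = [
    ("10.1.1.21", "192.0.2.10", 443, 1800),
    ("10.1.1.21", "192.0.2.10", 443, 2100),
    ("10.1.1.21", "192.0.2.10", 443, 1950),
    ("10.1.1.21", "10.1.0.5", 123, 90),
    ("10.1.1.22", "192.0.2.10", 443, 2000),
    ("10.1.1.22", "192.0.2.10", 443, 2200),
]

def build_baseline(flows):
    """Per terminal: each (dst, port) peer seen, with (mean, stdev) of bytes sent."""
    sizes = defaultdict(lambda: defaultdict(list))
    for src, dst, port, nbytes in flows:
        sizes[src][(dst, port)].append(nbytes)
    return {
        src: {peer: (mean(v), pstdev(v)) for peer, v in peers.items()}
        for src, peers in sizes.items()
    }

def score_flow(baseline, flow, z_threshold=3.0, min_sigma=50.0):
    """Return a list of indicator strings for one flow; empty means normal."""
    src, dst, port, nbytes = flow
    if src not in baseline:
        return ["no_baseline"]      # terminal never profiled: review manually
    peers = baseline[src]
    if (dst, port) not in peers:
        return ["new_peer"]         # POS terminals rarely gain new destinations
    mu, sigma = peers[(dst, port)]
    # Floor sigma so a peer with near-constant sizes does not alert on noise.
    z = (nbytes - mu) / max(sigma, min_sigma)
    return ["volume_spike"] if z > z_threshold else []

def triage(baseline, flows):
    """Map each anomalous flow to its indicators; normal flows are omitted."""
    return {f: hits for f in flows if (hits := score_flow(baseline, f))}

if __name__ == "__main__":
    observed = [
        ("10.1.1.21", "192.0.2.10", 443, 2000),    # normal authorization traffic
        ("10.1.1.21", "10.1.0.77", 445, 500000),   # new internal peer
        ("10.1.1.22", "192.0.2.10", 443, 250000),  # known peer, abnormal volume
    ]
    for flow, hits in triage(build_baseline(BASELINE_FLOWS), observed).items():
        print(flow, hits)
```

Because the check keys on who a terminal talks to and how much it sends rather than on a malware signature, it does not depend on the scraper having been seen before.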
The Cisco Subnet blog is written by Network World managing editor Jim Duffy.