According to the Department of Homeland Security (DHS), more than 1,000 U.S. businesses – including Target, Neiman Marcus, Dairy Queen, and UPS – may have been affected by the Point-of-Sale (POS) malware Backoff. Because it takes seven months on average for organizations to detect breaches, many retailers may not yet know their systems are infected.
Backoff is malicious software that can penetrate a POS network and then capture data as cards are swiped for payment. The DHS says that any remote access software that is not securely managed could be used by hackers to compromise a system. Once they connect, hackers often achieve administrative privileges on remote machines, making it simple for them to upload the Backoff malware and begin stealing credit card information.
There is nothing particularly innovative about how Backoff works. Copies of Backoff are readily downloadable from the Internet. The simplicity and completeness of its design are why it has been able to pull off some of history’s biggest credit card thefts. Once installed, it grabs credit card data out of memory, writes files with sensitive authentication data, and transmits stolen information in standard HTTP POST requests.
The key to defeating Backoff is embracing modern layered security measures that secure both the POS and the network. Recognizing the need to help retailers implement such a solution, Intel, in partnership with NCR – a General member of the Intel® Internet of Things Solutions Alliance – developed Intel® Data Protection Technology for Transactions (Intel® DPT for Transactions).
This solution closes the POS security gap by creating a transaction path that directly routes data from the POS terminal to the bank’s servers (Figure 1). Using a combination of hardware authentication and end-to-end encryption, it separates transaction processing physically and logically from the POS operating system.
Figure 1. Intel® Data Protection Technology for Transactions (Intel® DPT for Transactions) creates a separate and secure transaction path that routes payment and customer data from the POS terminal to the bank’s servers.
This design isolates transactional data from start to finish, rendering it inaccessible by the POS system, its memory, and its operating system – the targets of POS malware. Intel DPT for Transactions employs various Intel® and McAfee technologies that provide trusted execution on the client and secure communications to remote management servers. An excellent video provides more on how Intel DPT for Transactions secures data in a protected channel.
A software solution, Intel DPT for Transactions is designed to work with many Intel® processors used in today’s POS systems. This includes 2nd, 3rd, 4th and 5th generation Intel® Core™ processors and the Intel® Atom™ processor E3800 product family. If you already have systems based on these processors, you don’t need to buy new hardware. You can just get the software. Your customer data will then be protected by a flexible and future-proof solution that enables endpoint authentication and reduces security worries.
New Systems and Boards Featuring Intel® DPT for Transactions
Intel DPT for Transactions is scheduled for release in the first half of 2015. Retailers looking for systems featuring Intel DPT for Transactions can already find compatible solutions from Alliance members, either set up with it or ready for it.
A good example is NCR’s RealPOS XR7 (Figure 2). More than 100,000 of these systems are already deployed with retailers. The RealPOS™ XR7 features a sleek, modern appearance with a slim profile and zero-bezel design. Powered by 4th generation Intel® Core™ processors, it combines energy-efficient performance with support for advanced features such as multi-touch and gestures. It is available with either a 15” standard-format or an 18.5” widescreen touch display, making it ideal for use as a POS or a kiosk. The XR7 can be customized with a variety of peripheral options, including an encrypted magnetic stripe reader (MSR), biometric fingerprint reader, camera, wireless module, and a family of coordinating customer displays.
Figure 2. NCR RealPOS XR7.
Along with Intel DPT for Transactions, NCR offers a companion security software solution: NCR DataGuard. It adds manageability through a centralized, cloud-based enterprise tool. The combination helps deliver more protection for sensitive consumer data and allows retailers to carry out configuration, set security policies, receive alerts, and generate advanced reporting.
The HP* RP5 Retail System Model 5810 is available with Intel DPT for Transactions as well (Figure 3). Powered by a choice of 4th generation Intel Core processors, the RP5 5810 delivers excellent flexibility through a comprehensive selection of ports to connect displays, retail peripherals, and other add-ons. It also offers additional security features, including a TPM 1.2 Embedded Security Chip integrated with its NIC, for the conscientious retailer. Optional security choices include HP* ProtectTools Security Software Suite, Smart Card Manager, an HP Desktop Security Lock Kit, and a security cable with Kensington lock.
Figure 3. HP* RP5 Model 5810.
Tell Backoff to Back Off!
Stay vigilant in protecting operations against Backoff and more sophisticated threats by looking for POS systems that include Intel DPT for Transactions. To view more solutions offering Intel DPT for Transactions, see the Intel Internet of Things Solutions Alliance’s Solutions Directory.
Roving Reporter (Intel Contractor), Intel® Internet of Things Solutions Alliance
Associate Editor, Embedded Innovator magazine