PAX POS Security and what it means to your organization

The recent PAX Technology POS cyberattack has been covered heavily in the news in recent weeks, and its impact continues to reverberate across the payments landscape. PAX terminals are already being pulled out of businesses in droves, leaving all players in the payments ecosystem wondering how to maintain a strong security posture. Matt Beale, Partner at W. Capra, added, “Security attacks should be mentioned in the same breath for predictability as death and taxes, and increasingly an organization’s security resources are too strapped for time to operate, complete project work, and continue to adapt and tune their security approach. Third parties who can evaluate your current security environment and provide critical, unbiased feedback with a plan for continued improvement are more vital than ever before.”

What do I need to do?

While thoroughly examining hardware and related setup might have limited the impact of the PAX attack, a Third-Party Security Assessment is an excellent place for any organization to start. By bringing in W. Capra to assess your security posture, you’ll have a third-party view of standards, best practices, and the current threat landscape that may need to be addressed in your organization. Beale added, “It’s not due to lack of trying, but any security program can become myopic or too caught up in particular daily issues and projects in-flight to really step back and see the gaps in a project or approach.”

Beale continued, “After a Third-Party Security Assessment is completed, your security team will want to review the findings and determine next steps.  The best approach is a zero trust architecture[1]. Additionally, the PAX attack made it clear that a machine learning-based approach to security is critical to detecting and preventing attacks. A data-driven, machine learning cybersecurity infrastructure could have monitored outgoing packet sizes and sent email alerts when spikes were detected to prompt internal investigation.”

What if heightened security still isn’t enough?

Security program architecture, implementation, and management are ever-evolving and will never reach a true point of finality. However, that does not mean that appropriate efforts and resources should not be working toward keeping your company as secure as possible. Hackers are innovative, and preventing their attacks from succeeding requires continued vigilance and ingenuity to outsmart the black hats.

Matt Beale is passionate about assisting W. Capra clients with all security and related architecture concerns. For further discussion, contact Matt Beale at [email protected].


[1] https://www.nist.gov/publications/zero-trust-architecture