IT Memo: Addressing POS System Data Breaches and IT Deficiencies

Added on  2020/10/22

Homework Assignment
AI Summary
The assignment addresses the rise in data breaches within Point of Sale (POS) systems due to ineffective IT infrastructure. The memo details common vulnerabilities like hacking, memory scraping malware, and phishing attacks, using Home Depot's incident as a case study where 56 million card details were compromised through vendor access. Solutions proposed include point-to-point encryption, network segregation by implementing VLANs, and managing third-party credentials to prevent unauthorized data access. The document concludes that enhancing IT system security with these measures can significantly mitigate risks of data breaches in POS environments.
IT Memo
To: John Smith
From: David Cook
Date: 6/2/2019
Subject: To identify problems related to IT deficiencies and the actions taken to solve them
Introduction
In 2014, a data breach occurred at Home Depot, in the retail sector. It led to the theft of
card payment data. This memo discusses problems related to deficiencies in POS systems and
how data was breached by stealing customers' information. It also covers the data breach that
occurred at Home Depot and the measures taken by the company to resolve it. Finally, a
conclusion on the issues is provided.
Main body
In the technological era, it is necessary to update and maintain IT systems properly so that
data is kept secure. Data breach cases have risen because of ineffective IT systems, and most
of them have occurred in POS systems (Price & Shanks, 2016). IT systems have several
deficiencies, which are as follows:
Hacking – Hackers steal credit and debit card information while a payment is being made. The
goal is to steal personal data such as the card number, bank account details, PIN, etc., which
is then misused.
Memory scraping malware – It reads the RAM contents of the POS system while payment details
are present in the clear. Once the data is captured, it is sent to the attacker's server. This
results in a data breach. A similar situation occurred at Home Depot, where, through vendors,
data on 56 million cards was stolen along with email addresses.
Phishing – It is a technique for obtaining sensitive data such as passwords, usernames, etc. for
credit or debit cards. It occurs when a user opens a message or email. The attacker sends a
malicious link that leads to phishing.
Many actions can be taken to prevent data breaches. They will help in improving two-way
communication and protecting data from theft. The measures are:
Point-to-point encryption – It is the best method to avoid a data breach. When the PIN is
entered, the data is encrypted before it reaches memory. It uses the 3DES algorithm to
encrypt data. This prevents an attacker from stealing the information (Soomro, Shah & Ahmed, 2016).
With help of P2P encryption data
Network segregation – The POS system can be segregated from the overall business network.
This must be done using a VLAN. Setting ACL limits helps prevent unnecessary traffic from
entering the network. A firewall is implemented that denies connections between the
business and POS networks.
Managing third-party credentials – Third parties must be given only the limited access needed
to perform their tasks. This helps in detecting any misuse of resources by them. If they are
allowed to access data, they can misuse it. Restricting their access therefore helps protect
data effectively.
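The network segregation measure above can be checked mechanically. The following is an added example, not part of the original memo: it audits a first-match ACL for permit rules that still let the business VLAN reach the POS VLAN. The subnets, ports and rules are constructed sample values, and the top-down, first-match, implicit-deny evaluation model is an assumption.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the memo).
BUSINESS_NET = ipaddress.ip_network("10.10.0.0/16")  # business VLAN
POS_NET = ipaddress.ip_network("10.20.0.0/24")       # POS VLAN

# Constructed ACL: (action, source, destination, dest port or None for any).
# Assumed model: rules are read top-down, first match wins, implicit deny at end.
ACL = [
    ("permit", "10.20.0.0/24", "192.0.2.10/32", 443),  # POS -> payment processor
    ("permit", "10.10.5.0/24", "10.20.0.0/24", 3389),  # leftover remote-admin rule
    ("deny", "10.10.0.0/16", "10.20.0.0/24", None),    # business -> POS
    ("deny", "10.20.0.0/24", "0.0.0.0/0", None),       # POS -> anything else
]

def intersect(a, b):
    """CIDR blocks either nest or are disjoint: return the narrower block or None."""
    if not a.overlaps(b):
        return None
    return a if a.prefixlen >= b.prefixlen else b

def exposures(acl, src_zone, dst_zone):
    """Return permit rules that still pass traffic from src_zone to dst_zone."""
    rules = [(act, ipaddress.ip_network(s), ipaddress.ip_network(d), p)
             for act, s, d, p in acl]
    found = []
    for i, (action, src, dst, port) in enumerate(rules):
        if action != "permit":
            continue
        s, d = intersect(src, src_zone), intersect(dst, dst_zone)
        if s is None or d is None:
            continue  # rule does not touch this zone pair
        # A permit is dead only if one earlier deny covers the whole overlap.
        # (Coverage by several denies combined is not modelled, so the audit
        # errs on the side of reporting.)
        shadowed = any(
            a == "deny" and s.subnet_of(ds) and d.subnet_of(dd) and dp in (None, port)
            for a, ds, dd, dp in rules[:i])
        if not shadowed:
            found.append((i, str(s), str(d), port))
    return found

if __name__ == "__main__":
    for idx, s, d, port in exposures(ACL, BUSINESS_NET, POS_NET):
        print(f"rule {idx}: {s} -> {d} port {port} crosses into the POS VLAN")
```

In the sample ACL the remote-admin permit sits above the business-to-POS deny, so it wins under first-match evaluation; moving the deny to the top closes the path.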
Conclusion
It can be concluded that hacking is a major issue in POS systems. It has resulted in many data
breach cases. By taking several actions, a breach such as Home Depot's can be prevented.
Implementation of P2P encryption and network segregation could have limited access to the POS
network and protected data and information.
REFERENCES
Books and journals
Price, R., & Shanks, G. (2016). A semiotic information quality framework: development and comparative analysis. In Enacting Research Methods in Information Systems (pp. 219-250). Palgrave Macmillan, Cham.
Soomro, Z. A., Shah, M. H., & Ahmed, J. (2016). Information security management needs more holistic approach: A literature review. International Journal of Information Management, 36(2), 215-225.