Protect Your POS Devices, NOW

Just because you are a Higher Ed institution does not mean the bad guys have not targeted you. Unfortunately, the University of California Riverside just found that out. In a news release the school advises that campus cash registers at food service locations were compromised, and that up to 5,000 individual card numbers may have been compromised. These cards didn't just belong to students, but may have included parents and visitors, too.

I don't have any specific information on this breach other than what is in the release. What they do say, though, is disturbing: "The hacker had unauthorized access to card numbers, cardholder names, card expiration dates and an encrypted version of debit card pin numbers [sic]."

Attacks -- both physical attacks on POS like skimming (as I wrote about here) and "cyberattacks" on Web-facing systems -- increasingly target smaller businesses like higher education. Why? The reason seems to be because smaller businesses have poor security or none at all.

You do not want to have to go to your president to ask for budget (to set up a website, field calls, write a FAQ, etc.) and approve a press release telling your students, parents, alums, and friends to "monitor card activity carefully, and report any suspicious activity."

Protecting the POS should be part of your annual security training. The bad guys are out there. They target higher ed institutions. And if you are compromised, please know you cannot expect any special treatment from the card brands as far as fines or other penalties. You are a merchant, and you lost the data. Game over.