Appendix A
POS Vulnerability Rank Calculator
From a drop of water a logician could predict an Atlantic or a Niagara.
— Arthur Conan Doyle
Security Questionnaire and Vulnerability Rank
The POS Vulnerability Rank Calculator is based on a security questionnaire that is intended to provide a brief risk assessment of the POS system and/or its associated payment application and hardware. The goal is to introduce a universal tool for initial evaluation of the POS/Payment application security posture which can then be followed by a more detailed risk assessment process. The result of the assessment is a numerical score (“vulnerability rank”) ranging from 0 to 20, where 0 indicates ideal POS security, and 20 indicates a payment system without any security. Keep in mind that fewer than 10 years ago, almost any POS system would have received a rank of 20, while today some sophisticated products score closer to 0.
When merchants are in the process of selecting a new POS payment software and hardware, they can use the calculator to quickly review several products and determine the POS Vulnerability Rank of each solution. The results can then be used to further evaluate each product. In addition, vulnerability ranks calculated for specific implementations can be published by merchants, software vendors, or security assessors so that consumers (cardholders) are also able to compare different systems and become aware of the risks of swiping their cards at particular business locations.
The Scoring ...
Get Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
