Keeping Hackers Away from Your POS Terminals

May 11, 2017

By: Greg Guez
Executive Director, Embedded Security, Maxim Integrated


A few years ago, big-box retailers including Target and Home Depot made headlines when their point-of-sale (POS) systems were breached. Personal data from millions of consumers was leaked. Incidents like these have not put an end to spoofing, skimming, and hacking, which aren’t very difficult to carry out and are still happening. In fact, a researcher with security data and analytics solution provider Rapid7 devised a small, $6 tool that can open hotel room doors and break into POS systems and cash registers.

The global Payment Card Industry (PCI) Security Standards Council maintains, evolves, and promotes security standards for the industry. Founded by major payment products companies, the organization aims to standardize security efforts across the industry. Its PIN Transaction Security (PTS) standard, PCI-PTS, calls for robust security controls for payment systems, adding testing requirements to validate vendor documentation of policies and procedures related to device management.

Maxim’s MAX32590 DeepCover secure microcontroller, which has achieved PCI-PTS v4.1 certification, is inside the Invenco G7 OPT (outdoor payment terminal). Invenco is a finalist for the NZ Hi-Tech Company of the Year award. A modular EMV-compliant payment system with a 12-inch multimedia touchscreen, the G7 OPT enables a self-service payment experience. The system accepts EMV, magnetic stripe, contactless (including mobile phones), barcode-reading, and mobile wallet payments. Users can program its display with responsive content that can help drive additional sales.

Invenco’s G7 outdoor payment terminal accepts a variety of payment options and can display customized content to help drive additional sales

To comply with PCI-PTS, the G7 OPT had to pass stringent levels of differential power analysis (DPA) attack testing. Maxim is one of the few IC suppliers to provide a cryptographic library with sophisticated algorithm protection. The company also provides a security evaluation report from an independent laboratory, which shortens PCI-PTS certification by several months and lowers its cost. Having the MAX32590 in its design helped the G7 OPT comply with the challenging certification requirements.

Secure Microcontroller Saves Design Time and Costs

Using a secure microcontroller such as the MAX32590 helps speed time to market while lowering costs. The 32-bit, Linux-based microcontroller simplifies designs because it requires fewer external components. The highly integrated chip features an ARM926EJ-S processor core, patented external bus, advanced physical security, and much more. Learn more about how the MAX32590 delivers tamper-resistant security by reading my article, “Safeguarding POS Terminals with Secure Microcontrollers,” on Fintech Finance.