Petronella Blog Archive

POS Malware: Why Your Credit Card is in Danger

It seems like POS (point of sale) malware has increasingly been in the news of late.  It's suspected of being the cause of stolen credit card information from major retailers including the likes of Target and Home Depot.  Considering that an estimated 60% of all retail purchases are done via credit card transactions, this is a major security threat.

What is POS malware, how does it work and what can you do to prevent becoming a victim of it?

Kinds of POS Malware

There are three categories of POS malware.  They are key loggers, RAM scrapers and network sniffers.

Network Sniffers

Network sniffers simply look for information stored on a computer or network and send that information to the hacker.  This kind of POS malware doesn't work as well as it used to and is rarely used, thanks in large part to PCI DSS compliance, which requires data transmissions to be encrypted.

Key Loggers

A key logger is actually pretty simple in its task.  It merely records what keys are pressed.  Some go a little beyond that and take a screenshot or video to provide additional information to the hackers.

RAM Scrapers

Also called memory dumpers, this is the most popular kind of POS malware.  When credit card information is transmitted, there is a brief window of time when the information is stored locally before it is encrypted.  RAM scrapers work by capturing the cardholder's information in that moment, then sending it to a file that the hacker can access.

The POS Attack

A POS attack is not self-replicating like a worm or a virus.  It has to be made to the specifications of the system it's attacking.  The first step is for a hacker to access the corporate network.  Remote admin programs like pcAnywhere and Remote Desktop are often used to gain access.  From there the hacker will find and access the cardholder data and the POS system.  While phishing and keystroke logging are ways to gain access, a lot of companies never change the default login credentials, which is something easily preventable and should be the first step taken by any administrator in this day and age.  It's Cybersecurity 101!

Once the cardholder data environment and POS have been accessed, the hacker can test their malware to make sure it won't be detected.  Once installed, the malware creates a log file on the company's network.  This information is then exfiltrated, often to a trusted off-site server that has also been compromised by the hacker.  Sometimes the information is sent via regular, legitimate communications between the networks.

Avoid Getting Ripped Off

If you're using your credit card at a hacked POS, there's not much you can do to avoid compromising your cardholder data.  Therefore, the safest way to make sure you don't fall victim to a POS hack is to use cash.

One security measure that is starting to catch on in the United States is using chip cards.  These are credit cards with a computer chip in them for added security.  Already in wide use in Canada, Europe and Mexico, it's predicted that 70% of credit cards in the States will have security chips by the end of 2015.

With increasing instances of retailers large and small facing POS malware, it has become a growing concern.  Sometimes basic security measures and monitoring are enough to avoid or mitigate the negative repercussions of compromised credit card information, but adopting new technologies will increase credit card security as well.  If you have a point of sale system, you should contact Petronella Technology Group to set up a network security assessment to make sure your customers' information is safe and secure.