
Cyber Threats: Point of Sale Attack

Author: Michael File
Posted: Sep 07, 2015

Point-of-sale attacks happen when hackers use malicious software expressly written to steal customer payment data, especially credit card data, from retail checkout systems. Hackers, or cyber criminals, love to steal credit card data. There are multiple ways to obtain this information online, but point-of-sale (POS) systems are the most tempting target. An estimated 60 percent of purchases at retailers’ points of sale are paid for using a credit or debit card. Many large retailers may process thousands of transactions daily through their POS terminals, so it stands to reason that POS terminals have come into the crosshairs of hackers seeking large volumes of credit card data.

There are a number of internet sites openly selling credit and debit card data in various formats. The most common is "CVV2" data, where the seller provides the credit card number along with the additional CVV2 security code, which is found on the back of the card. This information is all criminals need to make online purchases. However, some hackers also offer the more lucrative "Track 2" data. This is the data saved on a card’s magnetic stripe. It is more lucrative because it allows criminals to clone cards, meaning they can be used in brick-and-mortar stores or even ATMs if the PIN is available. The value of the data is reflected in the online sale price, and these prices vary widely. CVV2 data is sold for as little as $0.1 to $5 per card through multiple internet sites, while Track 2 data may cost up to $100 per card.

So how do hackers get this data? Skimming is one of the more popular methods. This involves installing additional hardware onto the POS terminal, which is then used to read Track 2 data from cards. However, as it requires physical access to the POS terminal and expensive additional equipment, it’s difficult for criminals to carry this out on a large scale. To address this problem, criminals have turned to software solutions in the form of POS malware. By targeting major retailers with this malware, criminals can accrue data for millions of cards in a single campaign. (As has happened to Target and Home Depot, to name a few.)

Point-of-sale malware exploits a gap in the security of how card data is handled. While card data is encrypted as it’s sent for payment authorization, it’s not encrypted while the payment is actually being processed, that is, at the moment when you swipe the card at the POS terminal to pay for your goods. Most POS systems are Windows-based, making it relatively easy to create malware to run on them. This malware is known as memory-scraping malware because it searches memory for data that matches the pattern of Track 2 data. Once it finds this data in memory, which occurs as soon as a card is swiped, it saves it in a file on the POS terminal, which the attacker can later retrieve.
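From the defender's side, the same Track 2 pattern can be used to audit log files, crash dumps and temporary directories on POS hosts for card data sitting in cleartext. The sketch below is an added example, not code from the article; the regular expression, function names and sample lines are constructed for illustration, and the card number in them is a widely published test number.

```python
import re

# Track 2 layout (ISO/IEC 7813): PAN (up to 19 digits), '=' separator,
# YYMM expiry, 3-digit service code, discretionary data. The ';' and '?'
# sentinels are often missing in files, so the pattern does not require them.
TRACK2 = re.compile(rb"(?<!\d)(\d{13,19})=(\d{2})(0[1-9]|1[0-2])(\d{3})\d*")

def luhn_ok(pan: bytes) -> bool:
    """Luhn checksum; filters out most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = ch - 48                      # ASCII digit to int
        if i % 2 == 1:                   # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def mask(pan: bytes) -> str:
    """Keep only the first 6 and last 4 digits so findings can be reported."""
    s = pan.decode()
    return s[:6] + "*" * (len(s) - 10) + s[-4:]

def find_track2(buf: bytes):
    """Return (offset, masked PAN, expiry YYMM) for each plausible Track 2 record."""
    hits = []
    for m in TRACK2.finditer(buf):
        if luhn_ok(m.group(1)):
            expiry = (m.group(2) + m.group(3)).decode()
            hits.append((m.start(), mask(m.group(1)), expiry))
    return hits

# Constructed sample: one valid record, one failing Luhn, one with an
# impossible expiry month. None of this is real card data.
SAMPLE = (
    b"2015-09-01 12:00:01 txn=1001 swipe=;4111111111111111=25121010000000000000? ok\n"
    b"2015-09-01 12:00:05 txn=1002 ref=4111111111111112=25121010000000000000\n"
    b"2015-09-01 12:00:09 txn=1003 id=1234567890123456=99991010000\n"
)

if __name__ == "__main__":
    for off, pan, exp in find_track2(SAMPLE):
        print(f"offset {off}: PAN {pan} expiry {exp}")
```

Any hit on a POS host or in a log pipeline means cardholder data is being written out unencrypted and should be investigated.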

Armed with POS malware, the next challenge for attackers is to get the malware onto the POS terminals. POS terminals are not typically connected to the Internet but will have some connectivity to the corporate network. So hackers will attempt to infiltrate the corporate network first. Once in the network, they will use various hacking tools to gain access to the part of the network hosting the POS systems. After the POS malware is installed, hackers usually take steps to make sure their activity goes unnoticed.

Unfortunately, card data theft of this nature is likely to continue in the near term. Stolen card data has a limited shelf life. Credit card companies are quick to spot out-of-the-ordinary spending patterns for their clients, as are observant card owners. This means that criminals need a steady supply of new card data.

The good news is that most retailers learn lessons from these recent attacks and take steps to prevent the recurrence of this type of attack. But most importantly, payment technology is also changing. Many US retailers are now expediting the transition to EMV, or "chip and PIN", payment technologies. Chip and PIN cards are much more difficult to clone, making them less attractive to attackers. Even more secure are the new mobile payment options, such as Apple Pay and Google Wallet, which encrypt the transaction before the payment leaves the phone. So right now your best defense against point-of-sale attacks is to activate those "chip and PIN" cards as soon as you receive them, or use a mobile payment option.

