Risk Advisory Services Blog


What’s in a Swipe: Are You Protected Against Point-of-Sale Malware?

If you process credit cards, or store and transmit credit card information, you may want to listen up. The latest breed of malware is making its rounds, and it’s particularly worrisome for small and medium businesses that do not have dedicated information security resources.

A Risky Convenience

In recent years, Point-of-Sale (POS) systems have become increasingly popular for small and mid-sized businesses that don’t need to rely on a third-party or value-added reseller. These businesses, and many others like them, may lack the robust protection mechanisms to secure their systems. The result is a much larger landscape of POS devices vulnerable to malware using RAM scraping.

What is a RAM Scraper?

Whenever you complete a transaction on your POS system, there is a moment that is especially vulnerable to malware, and it occurs in the back-end server that processes the transaction. In the milliseconds it takes for a credit card to be briefly stored and processed in the system’s memory, or random access memory (RAM), the numbers are unencrypted and exposed. Once the payment is verified, the next transaction comes through.

While RAM scraping has been around for quite a while, several new families of scrapers aimed at POS systems were discovered in 2014. Since then, the evolution of attacks against POS systems has continued, with large organizations suffering breaches alongside the small retailers and restaurants. The attack methods are becoming more varied, even against small businesses.

Latest Threats – The PoSeidon Misadventure

A new POS malware named PoSeidon is one of the latest attack codes designed to steal credit cards numbers immediately after cards get swiped through POS terminals. PoSeidon is a combination of Backoff, a previously seen malware, together with a more sophisticated downloader and installer. It has already been responsible for infecting POS terminals at restaurants, hotels and bars throughout the country.

Even more recently, security researchers from Trustwave uncovered yet another POS threat they’ve dubbed PunKey, a malicious program with three variants. With no sign that POS malware is going way, what can you do to protect your business and your customers?

Bolstering POS Defense

Defending against PoSeidon and other malware is difficult, but there are steps you can take through a defense-in-depth security protocol.

  • Find out which monitoring options are available for your POS environment and start using them. Your level of diligence must match the increased level of sophistication and patience being demonstrated by the hackers.
  • Restrict use of POS devices. Many POS devices run off the Windows operating system, which makes them handy for reading emails and searching the Web. Don’t be tempted! When you turn your POS device into a multi-use device, you’re vastly increasing the risk for malware infection. Use a dedicated computer or tablet for these activities.
  • Ensure PCI compliance: Businesses processing card transactions are required to comply with security requirements specified by the Payment Card Industry (PCI). PCI’s Data Security Standards, known as PCI DSS, are specified to protect cardholder data. Founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa, the idea behind PCI DSS is to set high standards for processors of credit cards and those that store and transmit credit card information.

Skoda Minotti’s PCI DSS capabilities serve all levels of merchants and service providers. We offer PCI DSS readiness assessment, report on compliance, consulting, penetration testing and vulnerability scanning. We can implement PCI DSS compliance, and provide annual validation, consulting and penetration testing to ensure the integrity of your IT infrastructure.

For more information on our PCI DSS Compliance, contact Skoda Minotti’s Risk Advisory Services Group at 888-201-4484 or jhornreich@skodaminotti.com.

SOC Reporting Guide - Free Offer CTA

This entry was posted in Mailchimp RSS, Risk Advisory Services and tagged , , , , , , , . Bookmark the permalink. Follow any comments here with the RSS feed for this post. Comments are closed, but you can leave a trackback: Trackback URL.
© Copyright 2016 Skoda Minotti | Privacy Policy | Disclaimer | Remote Support
Cleveland 440-449-6800 | Akron 330-668-1100 | Tampa 813-288-8826
Website designed and developed by Skoda Minotti Strategic Marketing