Typically, when a customer or store clerk swipes a credit or debit card, data from its magnetic stripe is collected by the POS terminal for transfer to the retailer’s payment processing provider.
But before that data is encrypted, nearly undetectable RAM scrapers — installed remotely but exactly how is still being investigated — allow hackers to extract account numbers, PINs and users’ personal information while it is in the computer’s live memory, where it very briefly appears in plain text.
“We believe POS malware crime will continue to grow over the near term, despite law enforcement and security firms’ actions to mitigate it,” said the FBI report obtained by Reuters. “The accessibility of the malware on underground forums, the affordability of the software and the huge potential profits to be made from retail POS systems in the United States make this type of financially motivated cyber crime attractive to a wide range of actors.”
On the black market, this malware sells for up to $6,000, and some reports indicate these hackers may be tied to the Russian mob. The FBI noted that one variant, known as Alina, included an option that allowed for “remote upgrades” to make it even harder for corporate security teams to identify and stop.
Point of Sale Cyber Attacks Expected to Rise at Retail Stores – AARP
Back to the Blog
2 years ago