POS or Point of Sale malware is the term coined for the software that is found inside credit card machines, ATMs, and other devices that handle cash transactions. This also gives hackers a point-of-access to steal information from innocent consumers. Different kinds of merchants are becoming the common targets — from financial institutions and retail chains to ATM devices and restaurants, and it can often lead to identity theft. Just like with many computer viruses, one can never determine a malware or spyware infection until it creates a sever data breach.

Below are some information on what POS malware is, how it works, and what preventive measures you can do to avoid it.

What is POS Malware?

Malware is a software that is designed to gather information illegally, slow down computers, or inflict digital harm. Computer viruses usually go along with these harmful programs, and they have the capacity to spread, infect and corrupt files on your PC. However, POS malware is generally more of a program that specifically steals financial information of the user.

How is POS Malware utilized?


BlackPOS is a good example of malware that affect point of sale systems. It searches for networked point of sale computers running older operating systems, or those with administrator accounts with passwords that can be easily hacked. It is a self-installing program on computers that has the ability to capture information from credit card swipes. The information gathered will then be sent to a remote server. Cybercriminals usually authenticate the information against a bank or issuing agency using BIN Checkers.

RAM scrapers are malware that infects a computer’s memory. When an encrypted transaction occurs, the POS system’s software sends the data to the random access memory (RAM), where it is decrypted and the transaction is being processed with the financial institution. The RAM scraper malware embeds itself in the RAM chip, where it can get access to the unencrypted data. And since it hides itself on a chip that is separate from the machine’s software, it becomes difficult to be detected that other types of malware.

These explains the different natures of malware that can possibly attack your business’ POS system. There are malware that can act as a software, which is specific programs, while there are some that act as hardware, which is a physical device (such as a RAM chip) that’s infected with the malware. If you have ever heard about an ATM skimmer, that’s one example. What these thieves do is that they install a chip into ATM terminals that collects financial information once it passes through the machine, thereby using it to steal credit and debit card information of consumers.

Who are affected with POS malware?


Recent studies made by Sophos, a software company, shows that 45% that is most likely targeted by point of sale malware goes to the retail industry. It was then followed by food and beverage industry at 24%, hospitality with 9%, then financial services with 7%.

Companies that utilize point of sale systems that are running on operating system must take extra security measures in order to protect their systems from any malware infection. First, they should make sure all passwords are secure, which means it shouldn’t be easily guessed. The password must contain a combination of numbers, letters, and symbols. If a hacker easily guessed the password of an administrator account, they can spoof administrator credentials and then install malware on the machine. Another important security step is to make sure that your software is updated regularly, since attacks can go on vulnerabilities in program coding, which may be patched by a software update.

As for the consumers, make sure to shop with trusted merchants. If you notice that the online price seem too good to be true, there may be a possibility that the site is disguising as a real merchant in order to phish for your credit card information. Also, use secure ATMs that aren’t readily accessible to the kind of physical attack necessary to install a skimmer chip. Lastly, be careful of the apps that you download onto your smartphone. It has been reported that at least 50 Android apps have been found to contain malware. See to it that you only download apps from reputable software companies.

Tags: , ,

This entry was posted by Staff Writer on Friday, July 24, 2015 at 9:27:33 PM and is filed under Computer Security & Data Protection, Small-Medium Business.

Leave a Response