Though PoS (point-of-sale) malware have been around for years, the explosion of data breaches and PoS RAM scrapers began in 2014. High-profile targets in various industries, including retail and hospitality, were victimized by PoS malware, resulting in a sharp increase in the number of infected PoS systems in 2014.
The motivation should be easy to figure out—the theft of payment card data has become common because it yields quick monetary rewards. In the past, attackers had to physically skim payment cards, but today, they use malware to steal payment card data, primarily from credit cards. Attackers prey on vulnerable systems to get inside their targets’ networks, including third party organizations that have access to the enterprise’s network.
Since the Target data breach in 2013, several other incidents have since shown not only an increase of PoS breaches but that attackers have refocused on SMBs due to the lack of cybersecurity budgets that enterprises have to prevent breaches.
With the recent introduction of new payment technologies such as EMV and RFID contactless cards, business are expected to upgrade to new secure payment systems. However, attackers will attempt to come up with new strategies against these improved systems and environments.
In our expert insight video, senior threat researcher Numaan Huq talks about the current PoS security landscape, how PoS systems get breached, the impact it could have on affected organizations and its customers, and why it will still remain a threat despite the newer payment technologies.