POS malware data breaches and why they keep happening

In recent news, more and more reports have surfaced about data breaches impacting millions of consumers. Many of these data breaches involve a business’s point of sale. The main objective of point of sale (POS) breaches is to steal your 16-digit credit card numbers. Sixty percent of POS transactions are performed via credit card, which means big business for cybercriminals (individual credit cards can be sold for up to 100 dollars apiece). The industries most affected by POS data breaches are usually restaurants, retail stores, grocery stores and hotels. The mainstream media tends to cover stories when the big brand retailers fall victim to these attacks, but according to Verizon’s 2013 Annual Data Breach Investigations Report, data breaches actually happen more frequently to small and medium-sized businesses because they are easier to compromise than the computer networks of large retailers.

How Does a POS System Become Breached?

Small and medium-sized businesses are easy targets for cybercriminals because they are simpler to access and generally have more lax security and policies than a larger corporation. The POS systems that these companies use to ring you up are basically computers that often run on Windows, and they are susceptible to the same threats as a regular Windows-based computer. The credit card data is first stored on the machine, unencrypted for processing purposes. When malware finds its way onto the machine, it goes after the unencrypted stored payment information. The malware collects the data and then sends the information to a remote server.
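Because the exposure described above is card data sitting unencrypted on the machine, a business can check its own POS logs and exports for cleartext 16-digit card numbers and mask them. The following is an added example, not part of the original article; the log format, field names and function names are assumptions, and the card numbers are constructed test values.

```python
import re

# Candidate card numbers: 16 digits, optionally grouped in fours by space or hyphen.
PAN_RE = re.compile(r"(?<!\d)(?:\d{4}[ -]?){3}\d{4}(?!\d)")

def luhn_ok(digits):
    """Luhn checksum: filters out order IDs and other random 16-digit values."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def mask(digits):
    """Keep the first six and last four digits, hide the rest."""
    return digits[:6] + "*" * 6 + digits[-4:]

def find_cleartext_pans(text):
    """Return (line number, masked number) for every Luhn-valid hit."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in PAN_RE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group())
            if luhn_ok(digits):
                findings.append((lineno, mask(digits)))
    return findings

def redact(text):
    """Rewrite the text with every Luhn-valid card number masked."""
    def repl(m):
        digits = re.sub(r"[ -]", "", m.group())
        return mask(digits) if luhn_ok(digits) else m.group()
    return PAN_RE.sub(repl, text)

# Constructed sample log (hypothetical format, well-known test card numbers).
SAMPLE_LOG = """\
2014-01-10 09:14:02 txn=1001 pan=4111111111111111 amount=23.50 status=approved
2014-01-10 09:15:40 txn=1002 order_ref=1234567890123456 amount=8.00 status=approved
2014-01-10 09:17:11 txn=1003 card 5555-5555-5555-4444 amount=112.99 status=declined
"""

if __name__ == "__main__":
    for lineno, masked in find_cleartext_pans(SAMPLE_LOG):
        print(f"line {lineno}: cleartext card number {masked}")
```

Any hit means a card number is readable by whatever else runs on that machine; the `redact` helper shows the masked form such a log line should have had.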

How Is It Executed?

Besides being used for sales transactions, many of these computers are also used by employees for checking email, surfing the Internet and even checking social media during their downtime. As a result, this malware is often spread via phishing and social engineering, delivered in email attachments or through malicious links. The attacker chooses a target and usually sends a phishing email that is highly tailored to their victim. These attacks are usually extremely successful because the machines lack software updates, which allows the malware to exploit out-of-date, unpatched security vulnerabilities in the system’s software.

Although smaller businesses may be an easier target, these attackers do have their sights set on larger corporations, such as those you hear about in the news. It just takes some more investigative legwork on the attacker’s part to successfully launch an attack on a larger chain. Large retailers usually have POS systems in multiple sites that connect to a centralized server. There are many ways that an attacker can gain access to a corporate network, such as sending targeted phishing emails with malicious software to members within the organization. Once it has infected a network machine, the malware can infect other machines on the network, eventually making its way to the POS.

How To Stay Protected

  • Regularly monitor your bank accounts, credit reports and any other financial accounts you have for suspicious activity. If the financial companies you do business with offer activity alerts, sign up for them. If you happen to discover fraudulent activity, contact your financial institution as soon as possible.
  • If you find out that you are involved in a data breach, do your homework and collect as much information as you can. Find out what kind of data breach your information was involved in and what company that data breach occurred with. Depending on the type of data breach, your credit card information, user name and password and other personal information may have been stolen as well.
  • Monitor any notices from the companies you do business with. Once a vulnerable company has communicated to customers that they have been affected by a breach, follow the instructions it gives its customers.
  • If you are a consumer with the company that suffered a data breach, start to closely monitor your bank and financial accounts. Even if you have experienced no fraudulent activity on your account, that doesn’t mean that you are safe. In order to further evade detection, the thieves may wait several months before using the stolen credit card information.

While it seems that these incidents are happening too frequently for comfort, you can still shop normally and stay protected. Follow the advice in this article, and enjoy peace of mind knowing that there are anti-fraud laws in place to protect you. However, in order to use this protection, it is up to you to stay alert as to what is happening with your financial accounts and report any incidents in a timely manner.

