Retailers hit by security breaches, POS malware

Over the past few months, there has been a series of attacks on US retailers – most notably Target and Neiman Marcus – that were linked to malware in retail point of sale (POS) systems.

Customers expressed extreme concern when Target recently revealed that hackers had stolen the names, mailing addresses, phone numbers, email addresses and payment card data of 70 million of the retail company’s customers – a number much higher than the 40 million the company initially reported in December. Neiman Marcus’ customer database was also hacked in December, but the company did not reveal how many customers the breach affected.

Although experts have not confirmed that the two security breaches are linked, people have speculated that they could have been performed by the same hackers because they occurred around the same time. According to Target CEO Gregg Steinhafel, the company is still investigating these hacks.

“What we do know is that there was malware installed on our point of sale registers. That much we have established,” Steinhafel said in an interview with CNBC. “We have removed that malware so that we could provide a safe and secure shopping environment.”

According to Reuters, there has also been speculation that several other retailers were hit by hacks during the holidays. Although they have not come forward yet, at least three other well-known US retailers experienced security breaches that were performed using methods similar to those used at Target. Sources say the security breaches occurred in outlets and malls.

Although Target has not revealed how the hackers breached its security system, Reuters sources suspect a sophisticated class of malware – known as RAM scrapers – designed to steal payment data from POS systems.

The loss of payment card data in these attacks inspired calls for companies to review their compliance with the Payment Card Industry data security standards, which require encryption of sensitive payment data when it is transmitted, received or stored. However, RAM scrapers are built to bypass the encryption methods encouraged by these standards. Payment data is decrypted in the POS system RAM for processing, which is where the “scraper” strikes.

To block these malware attacks, the US-CERT recommends:

  1. Use strong passwords to access POS devices
  2. Keep POS software up to date
  3. Use firewalls to isolate the POS production network from other networks or the Internet
  4. Use antivirus tools
  5. Limit access to the Internet from the production network
  6. Disable all remote access to POS systems
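
Recommendations 3, 5 and 6 can be checked against firewall logs. The following is an added example, not code from US-CERT or this blog: it audits flow records for permitted traffic that crosses the POS network boundary. The subnet, the allowed destinations, the port list and the log format are all assumptions made up for the illustration.

```python
import ipaddress

# Assumed addressing (not from the article): registers sit in one subnet and
# may only reach a payment gateway and an internal patch server.
POS_NET = ipaddress.ip_network("10.20.0.0/24")
ALLOWED_EGRESS = {
    (ipaddress.ip_address("203.0.113.10"), 443),  # payment gateway (constructed)
    (ipaddress.ip_address("10.10.5.20"), 8530),   # patch server (constructed)
}
REMOTE_ACCESS_PORTS = {22, 23, 3389, 5900}  # SSH, Telnet, RDP, VNC

# Constructed flow records in an assumed format: "src dst dport action"
SAMPLE_FLOWS = """\
10.20.0.11 203.0.113.10 443 ALLOW
10.20.0.12 198.51.100.77 21 ALLOW
192.168.1.50 10.20.0.11 3389 ALLOW
10.20.0.13 10.10.5.20 8530 ALLOW
10.20.0.12 198.51.100.77 21 DENY
10.30.0.9 10.20.0.14 445 ALLOW
"""

def audit(flows):
    """Return (line number, finding, record) for permitted boundary crossings."""
    findings = []
    for lineno, line in enumerate(flows.splitlines(), 1):
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records
        try:
            src = ipaddress.ip_address(parts[0])
            dst = ipaddress.ip_address(parts[1])
            port = int(parts[2])
        except ValueError:
            continue
        if parts[3] != "ALLOW":
            continue  # the firewall already blocked this flow
        if src in POS_NET and dst not in POS_NET:
            # Recommendations 3 and 5: POS hosts reach only approved services.
            if (dst, port) not in ALLOWED_EGRESS:
                findings.append((lineno, "unapproved-egress", line))
        elif dst in POS_NET and src not in POS_NET:
            # Recommendation 6: no remote access into POS systems.
            kind = "remote-access" if port in REMOTE_ACCESS_PORTS else "unapproved-ingress"
            findings.append((lineno, kind, line))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(*finding, sep="  ")
```

Each finding is a firewall rule to tighten: the flow was allowed even though it leaves or enters the POS segment outside the approved list.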