Question

Assume a scenario where the hackers gained access to information on more than a million credit and debit cards through malware on Point-of-Sale (POS) systems. The firewall had captured the first malware code and an alert was issued, which was ignored. The hackers started downloading the collected data. The cyber criminals have hacked the system to gain credit and debit card information.

1. Explain in your own words what happened in the above discussed data breach. [5 Marks]

2. Identify and explain the type of attack experienced in the above scenario. [2 Marks]

3. The stolen credentials alone are not enough to access the company’s POS devices. What other means can the hackers acquire to allow them to navigate the company’s network and deploy the malware? [3 Marks]

4. What would the hackers have done for privilege escalation? [2 Marks]

5. The organization admitted that they ignored many alerts from their network security devices because of alert overload. If you are the organization’s Chief Technical Officer (CTO), what would you do to reduce the problem of alert overload? [3 Marks]

6. The security experts criticize the organization for failing to isolate sensitive sections of their networks from those more easily accessible to outsiders. As a CTO, please propose a feasible solution to segment and categorize your networks and resources. [5 Marks]

Homework Answers

Answer #1

Let me explain everything one by one with examples, from POS to POS malware attacks, how they can be carried out and what the ways are to protect against these attacks. I hope you will like the answer and upvote me for the effort I made.

A Point-Of-Sale (POS) terminal is a computerised version of a cash register. It has the ability to record and track customer orders, process credit and debit cards, connect to other systems in a network, and manage inventory. Most POS terminals contain a personal computer, which stores specific programs and I/O devices relevant to the company it will be used at. For example, a POS system for a restaurant would contain a database of every menu item which can be queried for information. POS terminals are used in most industries that have a “point of sale”, such as retail, restaurants, hotels and museums. POS terminals are also becoming Web-enabled, which makes it possible to manage global operations and inventory.

Point-of-sale Malware (POS Malware) is malicious software specifically designed to steal customer payment data – particularly credit card details – from business checkout systems. Criminals often sell the customer data rather than using it themselves.

There are two methods criminals can use to obtain a store’s customer credit card data:

  1. Break into the databases where the data is stored or capture the data at the point-of-sale (POS). This requires POS equipment, such as additional card readers, which can prove to be quite expensive. The additional reader would need to be physically attached to the store’s card reader. The second device reads and stores card data from the track two magnetic strip when the card is swiped for payment (note: this data includes the primary card number and security code).
  2. Use POS Malware. This method is easier and less risky for the hacker, and data can be obtained without ever leaving home. POS Malware hunts through device memory for data in the track 2 credit card format. This data only stays unencrypted in memory for a short time, but memory-scraping Malware is designed to gather data immediately after it is detected.

Learn how POS malware works and how to protect against it in Data Protection 101, our series on the fundamentals of information security.

WHAT IS POS MALWARE?

POS malware is specifically designed for point-of-sale (POS) terminals and systems with the intention of stealing payment card data. It is commonly used by cybercriminals who want to resell stolen customer data from retail stores. Payment card data is encrypted end-to-end and is only decrypted in the random-access memory (RAM) of the device while the payment is processing. A POS malware attack enters through compromised or weakly secured systems and scrapes the RAM to find payment card data, which is then sent unencrypted to the hacker.

HOW DOES POS MALWARE WORK?

POS malware is often called a process scanner by IT professionals because it scans active processes on devices and scrapes anything that could potentially be useful, usually credit card data. It searches for data that matches the Track 1 or Track 2 format encoded in the magnetic strip of a credit card. This data includes the card holder’s name, primary card number, charge types permitted, and discretionary data, which can include PINs. The unencrypted data is only available for a very short amount of time when it enters the database on the device. POS malware is designed to instantly acquire the data before it becomes encrypted. Once the malware obtains the data, it sends it to another server where the cybercriminal is able to sort through the data and find credit card numbers. With the payment card data, cybercriminals can sell the information on the dark web or make fraudulent purchases depending on what was scraped.

Tips for protection

Whilst FraudWatch International does not currently provide protection services against POS Malware attacks, there are plenty of tips we can provide to assist people and companies to stay protected and secure:

  • Testing: businesses should ensure that they run security audits on their POS devices before they’re rolled out. Vulnerabilities at the point of sale, along with the lack of testing, is a major cause of the ongoing POS attacks. Deep-dive testing is the key; businesses need to do their due diligence.
  • Monitoring: companies should think about using two-factor authentication for remotely accessing their POS systems, rather than solely relying on password logins. Using tools that can detect unusual activity on the point-of-sale terminals themselves is much more effective than simple anti-virus and firewall services. Every computer needs to be monitored to ensure that nothing changes. It will detect whether that computer starts transmitting data in the middle of the night, or whether files are being altered.
  • Encryption: no matter how clever the hackers get, even the most sophisticated POS Malware cannot do anything with the data if it is encrypted. End-to-end encryption, where customer data is encrypted all the way through the payment process (including when the credit card is swiped), will ensure that businesses are less vulnerable to any data breach.
  • Use chip readers. EMV technology used by chipped cards allows customers to avoid swiping. Magnetic stripes contain unchanging data, but the chips in EMV cards produce a unique transaction code every time. This makes it more difficult to replicate payment card data.
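The answer above says the scraped card data is sent to the attacker unencrypted and that monitoring should catch a terminal that starts transmitting data at odd hours. As an added example (not part of the original answer), the following defender-side check scans outbound payloads for the Track 1 and Track 2 layouts described in the answer, uses the Luhn check digit to suppress random digit runs, masks the PAN so the alert never stores a full card number, and rolls hits up to one alert per destination host to keep alert volume down. The log format, `host=` field and sample lines are constructed for this example; the PANs are standard test card numbers.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Magnetic-stripe track layouts: start sentinel, PAN, separator, expiry YYMM,
# 3-digit service code, discretionary data, end sentinel '?'.
TRACK1_RE = re.compile(r"%B(?P<pan>\d{13,19})\^(?P<name>[^^?]{2,26})\^(?P<exp>\d{4})(?P<svc>\d{3})(?P<disc>[^?]*)\?")
TRACK2_RE = re.compile(r";(?P<pan>\d{13,19})=(?P<exp>\d{4})(?P<svc>\d{3})(?P<disc>\d*)\?")
HOST_RE = re.compile(r"\bhost=(\S+)")  # constructed log field, not a real product format

def luhn_valid(pan: str) -> bool:
    """Luhn check digit test; cuts false positives from arbitrary 13-19 digit runs."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask_pan(pan: str) -> str:
    """Keep BIN and last four so the alert itself does not become a card-data store."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

@dataclass
class Finding:
    line_no: int
    host: str
    track: int
    masked_pan: str
    expiry: str

def scan_egress(lines: List[str]) -> List[Finding]:
    """Flag outbound payloads that carry Luhn-valid Track 1/2 data in the clear."""
    findings: List[Finding] = []
    for n, line in enumerate(lines, 1):
        host_m = HOST_RE.search(line)
        host = host_m.group(1) if host_m else "unknown"
        for track, rx in ((1, TRACK1_RE), (2, TRACK2_RE)):
            for m in rx.finditer(line):
                if luhn_valid(m.group("pan")):
                    findings.append(Finding(n, host, track, mask_pan(m.group("pan")), m.group("exp")))
    return findings

def alerts_by_host(findings: List[Finding]) -> Dict[str, int]:
    """One alert per destination with a hit count, instead of one alert per card."""
    return dict(Counter(f.host for f in findings))

# Constructed egress log from a POS segment; test-card PANs only, no real data.
SAMPLE_EGRESS = [
    "2014-01-03T02:14:07 POST /upload host=198.51.100.23 body=;4111111111111111=25121011234567890?",
    "2014-01-03T02:14:09 POST /upload host=198.51.100.23 body=%B5555555555554444^DOE/JANE^2512101123?",
    "2014-01-03T02:15:00 GET /beat host=203.0.113.9 body=;4111111111111112=2512101?",  # fails Luhn
    "2014-01-03T09:00:01 POST /inventory host=10.0.0.5 body=sku=12345;qty=3",
]
```

Running `scan_egress(SAMPLE_EGRESS)` yields two findings, both to 198.51.100.23, which `alerts_by_host` collapses into a single alert carrying the count.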