
POS terminal infection - how to prevent and protect the payment system

The security of POS terminals has been questioned. POS terminal infection

October 20, 2020


Infection of POS terminals (hardware and software point-of-sale systems, or automated cashier workstations) is a cybercriminal activity aimed at stealing bank card data and then withdrawing funds.

Infecting a POS terminal involves a range of actions aimed at stealing credit card data in order to cash out illegally. Different criminal schemes are used depending on the scammers' goals and the intended impact.

What are the ways to infect payment terminals?

Depending on the nature of the information and the scope of the task, the following types are distinguished:

  • RAM scrapers copy the contents of the terminal's RAM, since the RAM holds the data about the transactions being performed. All collected data is sent to a separate server owned by the attackers;
  • keylogger and RAM scraper - in addition to data in RAM, these also record all keystrokes on the terminal so that attackers can capture card codes and steal data from users' credit cards.

As malware keeps improving, data can be obtained with less effort, which is why payment processors use various methods to prevent such theft. This can be either conventional two-factor data transfer, in which programs pass several rounds of verification before data is transferred, or the physical removal of surveillance cameras that could record data entered on the payment terminal.

Who can be targeted

The malware is embedded not only in the payment terminal's card reader but also in the devices that control it, which can be smartphones as well as computers. All information is transferred to the PC unencrypted, and encryption takes place a little later. This is what interests fraudsters: they try to intercept the data before it is encrypted - the cardholder's full name, CVV code and card number. This data is more than enough to create a complete copy of a credit card and use it for spending in stores and online systems.

Chip cards are slightly better protected, since all information is encrypted before the data is transmitted to the payment terminal. Even so, attackers can copy the data needed to create a clone of the card and make payments at terminals that are not equipped with a chip reader.

Possible sources of threat and how to prevent data theft?

A payment terminal can be infected in several ways - through a cable, through a USB port, by replacing the terminal itself with one that carries malicious code, etc. In some cases, fraudsters can inject code remotely by hacking the website of the service company.

The average user simply cannot prevent an attempt to steal card data unless they stop using the card altogether. The banking company itself needs to take various measures to protect its payment terminals. Among such measures, it is worth highlighting:

  • regularly checking the system for malicious code;
  • regular inspection of the payment terminal housing to avoid connecting suspicious devices;
  • using only proven and reliable antivirus programs.

The set of measures is not limited to this, but even this is enough to reduce the likelihood of theft of user data from a payment device.
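Because a RAM scraper has to send what it collects to a server owned by the attackers, one further check is to compare a terminal's outbound connections with the short list of hosts it is supposed to reach. The sketch below is an added example, not code from the original article; the log format, process names, addresses and allowlist are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed allowlist: networks the terminal is expected to reach (assumption).
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("203.0.113.0/28", "10.20.0.0/24")]

# Constructed sample log; assumed format: "timestamp process dst_ip dst_port bytes_out".
SAMPLE_LOG = """\
2020-10-20T09:00:01 pos_client.exe 203.0.113.5 443 1840
2020-10-20T09:00:07 pos_client.exe 203.0.113.5 443 1795
2020-10-20T09:01:12 updater.exe 10.20.0.15 8443 620
2020-10-20T09:03:44 svchelper.exe 198.51.100.77 80 48211
2020-10-20T09:08:45 svchelper.exe 198.51.100.77 80 51020
this line is malformed
2020-10-20T09:09:02 pos_client.exe 192.0.2.200 53 90
"""

def is_allowed(ip):
    """True if the destination address falls inside an allowlisted network."""
    return any(ip in net for net in ALLOWED_NETS)

def find_unexpected_egress(log_text):
    """Return ({(process, dst_ip): {"connections": n, "bytes_out": total}}, rejected)
    for destinations outside the allowlist, plus the lines that failed to parse."""
    findings = defaultdict(lambda: {"connections": 0, "bytes_out": 0})
    rejected = []
    for line in log_text.splitlines():
        try:
            _ts, process, dst, _port, sent = line.split()
            ip = ipaddress.ip_address(dst)
            sent = int(sent)
        except ValueError:
            rejected.append(line)  # keep malformed lines for review, never drop silently
            continue
        if not is_allowed(ip):
            entry = findings[(process, str(ip))]
            entry["connections"] += 1
            entry["bytes_out"] += sent
    return dict(findings), rejected

if __name__ == "__main__":
    hits, bad = find_unexpected_egress(SAMPLE_LOG)
    # Largest senders first: bulk transfers to an unknown host deserve attention first.
    for (proc, dst), stats in sorted(hits.items(), key=lambda kv: -kv[1]["bytes_out"]):
        print(f"ALERT {proc} -> {dst}: {stats['connections']} conn, {stats['bytes_out']} bytes")
    print(f"{len(bad)} unparseable line(s)")
```

On a real terminal the same comparison is better enforced at the firewall as a default-deny egress rule, with this kind of report used to review what was blocked.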