From: TechRepublic

By

                     In the wake of Target’s massive data breach, Michael Kassner explores the rise of POS malware and botnets.

After the Target data breach, I became curious as to how digital criminals were able to manipulate Point of Sale (PoS) systems without raising red flags. From what I’ve read, it’s surprisingly easy.

Before we dive into what the bad guys can do: let’s take a quick look at a generic PoS system. PoS hardware consists of the device used by customers to swipe their credit or debit card, and the computing equipment electronically attached to the device.

PoS software are the applications that process the data found on the credit or debit card’s magnetic stripe. Key information the software looks for is stored on two tracks:

  • Track one: Cardholder’s name and account number
  • Track two: Credit-card number and expiration date

Many PoS systems are Windows-based

I am not sure why, but I assumed PoS applications would use proprietary software. But they’re not; most are Windows-based. This blog post from Arbor Networks iterates what that realization means, “PoS systems suffer from the same security challenges that any other Windows-based deployment does.”

They may have the same security challenges, but the Arbor Networks blog touches on why threats targeting PoS systems are more of a concern:

“Potential brittleness and obvious criticality of PoS systems may be a factor in the reportedly slow patch deployment process on PoS machines, which increases risk.”

Read Complete Article