Sign in 

POS malware 101: Risk factors to know and how to protect your business

  1. Introduction
  2. Types of POS malware attacks
  3. How POS malware works
    1. Infiltration
    2. Residence
    3. Operation
    4. Data harvesting and transmission
    5. Persistence and spread
  4. POS malware risk factors for businesses
  5. How POS malware affects businesses and customers
  6. How to protect your business against POS malware
  7. Get started with Stripe 

Point-of-sale (POS) malware is a type of software that targets point-of-sale systems, the systems businesses use to process customer transactions. Fraudulent actors use this malware to steal credit card data and other sensitive information. Typically, malware covertly captures and transmits data to unauthorized individuals, exposing businesses and customers to potential financial risks and data breaches. The methods and level of sophistication of malware can vary, but its primary objective is the theft of valuable transaction data. POS malware, along with other types of fraud, has a major impact on businesses: the 2022 Official Cybercrime Report predicts that the total cost of cybercrime will be $10.5 trillion annually by 2025.

Below, we’ll cover what you need to know to protect your business against POS malware attacks, including how POS malware works, where vulnerabilities might exist, and the steps you can take to protect your business and your customers.

What’s in this article?

  • Types of POS malware attacks
  • How POS malware works
  • POS malware risk factors for businesses
  • How POS malware affects businesses and customers
  • How to protect your business against POS malware

Types of POS malware attacks

POS malware attacks come in many forms, each with distinct characteristics and targets. Understanding these types of attacks can help you recognize and address potential threats. Common types of POS malware attacks include:

  • Memory scrapers: This type of malware scans the memory of the POS system for sensitive data, such as credit card information. Memory scrapers often target the moment when the data is unencrypted, capturing it before it can be secured.

  • Keyloggers: This malware records keystrokes made on a POS system. It’s especially threatening because it can capture not just card data but also passwords and other sensitive information entered through the keyboard.

  • Network sniffers: Network sniffing malware monitors and captures data that travels across the network to which the POS system is connected. This type of malware is particularly adept at intercepting data during transmission, which makes it a concern for systems that rely on networked transactions.

  • Random-access memory (RAM) scrapers: Similar to memory scrapers, RAM scrapers focus on extracting data stored in the system’s RAM. They are effective because POS systems often store unencrypted data in RAM during processing.

  • File injectors: This type of malware injects malicious code into legitimate files on the POS system. The altered files function as a conduit for data theft or further malicious activities.

  • Backdoor malware: Backdoor malware creates a hidden entry point into the system, allowing attackers prolonged and undetected access. It is used for long-term data theft and system monitoring.

Each type of POS malware has a specific method and target, which makes it suited to different attack scenarios. Memory scrapers and RAM scrapers exploit the brief moments when sensitive data is unencrypted. Keyloggers and network sniffers capture data inputs and transmissions. File injectors and backdoor malware focus on sustained access and control over systems. Recognizing these characteristics can help you tailor security strategies to counter each type of threat effectively.

How POS malware works

POS malware is designed to evade detection while achieving its objective: data theft. Malware tactics are constantly evolving, but generally this is how these attacks work:

Infiltration

First, the malware enters the POS system. This can occur through phishing emails to employees, use of compromised credentials, or by exploiting vulnerabilities in the POS software. Once it has gained access, the malware establishes itself within the system.

Residence

Post-infiltration, the malware often stays dormant to avoid detection. During this phase, it embeds itself into key processes or disguises itself as legitimate software. This allows the malware to operate undetected within the POS environment.

Operation

The malware becomes active during transactions. It scans memory for unencrypted data, logs keystrokes, or captures network traffic. Sophisticated malware can even alter transaction processes or create fake approval signals, enabling unauthorized transactions.

Data harvesting and transmission

Once the data is captured, the malware packages and transmits it to a remote server controlled by the attackers. This transfer is often done in a way that avoids raising alarms.

Persistence and spread

Many POS malwares are designed to maintain a presence on the infected system for extended periods and can even spread to other connected systems, widening the scope of the attack.

Here are two real-world examples that illustrate the efficacy and dangers of POS malware:

Target

In 2013, malware infiltrated Target’s POS system, leading to the theft of over 40 million credit and debit card numbers. The malware, which was part of a broader cyber attack, captured data directly from the memory of the POS devices as cards were swiped.

Wendy’s

In 2016, malware installed on the POS systems of restaurant chain Wendy’s led to a large-scale theft of customer payment information. This attack highlighted the malware’s ability to remain undetected over a long period, causing widespread data compromise.

These cases emphasize the importance of protecting POS systems with proactive and comprehensive security measures. Regular software updates, employee training on cyber threats, strong network security, and continuous monitoring are important to safeguard against sophisticated malware attacks. Businesses need to understand how POS malware functions if they want to develop effective defenses and mitigate potential risks.

POS malware risk factors for businesses

Risk factors for POS malware revolve around different aspects of a POS system’s security, operation, and maintenance. Some systems are more vulnerable due to specific characteristics or practices, including:

  • Outdated software: Systems running outdated software are prime targets. Software updates often include security patches that address known vulnerabilities—making it more difficult for malware to exploit potential weaknesses.

  • Weak passwords and credentials: Simple or default passwords make it easier for attackers to gain access. Choosing strong, complex passwords and changing them regularly are important for maintaining security.

  • Lack of employee training: Employees unaware of phishing tactics or proper security practices can inadvertently allow malware to infiltrate systems.

  • Inadequate network security: POS systems connected to insecure networks are another risk. Malware can more easily infiltrate and exfiltrate data when attacking systems that lack proper network security measures like firewalls and intrusion detection.

  • Single-layered security strategies: Relying on just one type of security measure, like antivirus software, is insufficient. Layered security strategies that incorporate multiple defenses are more effective.

  • Physical access to systems: Systems that offer easy physical access can be compromised through methods like USB drives containing malware.

  • Lack of continuous monitoring: Systems that are not monitored regularly for unusual activities can miss early signs of a breach, allowing malware to operate undetected for longer periods.

  • Integration with unsecure third-party services: POS systems integrated with third-party services that lack thorough security measures can introduce vulnerabilities.

Certain systems are more at risk due to their specific use cases or environments. These include:

  • High-transaction environments: Systems in places with a high volume of transactions, like major retailers, are attractive targets due to the sheer amount of valuable data they process.

  • Small businesses: Small businesses might not invest as heavily in cybersecurity, making their POS systems more susceptible to attacks.

  • Older systems: Legacy systems that are not regularly updated or replaced can have security gaps that newer systems have addressed.

How POS malware affects businesses and customers

POS malware can have a substantial impact on both businesses and customers. POS malware attacks can disrupt business operations, damage reputations, and impose financial and legal burdens on businesses. For customers, these attacks create financial risks, privacy concerns, and a loss of trust in businesses that experience attacks.

The effects for businesses include:

  • Financial losses
    Financial loss includes the loss of sales revenue, the costs involved in investigating and remedying the breach, and potential fines for noncompliance with data protection regulations.

  • Reputation damage
    A malware attack can severely damage a business’s reputation. Customers lose trust in a company’s ability to protect their data, which can lead to a decline in customer loyalty and a decrease in sales.

  • Operational disruption
    Cleaning up after a malware attack often involves taking POS systems offline, leading to operational disruptions and lost sales opportunities.

  • Legal and regulatory consequences
    Businesses may face legal actions from customers or penalties from regulators for failing to adequately protect customer data.

There are also increased costs for improving security after an attack. Post-breach, businesses often need to invest in more advanced security systems, staff training, and compliance measures, leading to increased operational costs.

Customer impacts include:

  • Financial risk: Customers whose card information is stolen are at risk of fraudulent charges. While many banks offer fraud protection, the process of rectifying unauthorized transactions can be time-consuming and stressful.

  • Identity theft: Beyond immediate financial fraud, stolen data can be used for identity theft, leading to long-term financial and legal problems for customers.

  • Loss of trust: Customers may lose trust in businesses that fail to protect their data. This can lead to a reluctance to use credit or debit cards, impacting customer behavior.

  • Privacy concerns: Knowing that their personal information has been compromised can cause customers distress and privacy concerns.

How to protect your business against POS malware

For businesses seeking to protect themselves and their customers, proactive cybersecurity measures, regular monitoring, and immediate response plans are key. Protecting your business against POS malware means implementing best practices that safeguard your POS systems and enable early detection of threats. These include:

  • Regular software updates: Keep your POS software updated. Regular updates often include patches for security vulnerabilities that malware could exploit.

  • Strong password policies: Implement strong password policies. Use complex passwords and change them regularly. Avoid using default passwords that come with the system.

  • Employee education: Educate your employees about cybersecurity. They should be aware of phishing scams and understand the importance of not sharing passwords or clicking on suspicious links.

  • Network security: Secure your network. Use firewalls and ensure that your Wi-Fi network is encrypted and safe. Separate the network for your POS system from the one used by customers or for general business activities.

  • Use of antivirus and anti-malware tools: Employ reputable antivirus and anti-malware solutions. These services provide a basic line of defense against malware.

  • Data encryption: Encrypt sensitive data. Ensure that customer data is encrypted, especially during transmission.

  • Access control: Limit access to your POS system. Only authorized personnel should have access, and they should only have the access necessary to perform their jobs.

  • Continuous monitoring: Monitor your systems continuously. Look for unusual activity, such as unexpected data transfers or changes in system performance.

  • Incident response plan: Have an incident response plan in place. Knowing what to do in the event of a breach is important for taking quick action and minimizing damage.

  • Regular audits and compliance: Conduct regular security audits and ensure compliance with industry standards like PCI DSS (Payment Card Industry Data Security Standard).

  • Physical security: Verify the physical security of your POS systems. Prevent unauthorized physical access to your systems and terminals.

  • Third-party vendor management: If you use third-party vendors for POS services, ensure they adhere to high-security standards. Regularly assess their security measures.

  • Use of advanced security solutions: Consider advanced security solutions like intrusion detection systems and advanced endpoint protection. These provide an additional layer of security and can identify and mitigate sophisticated attacks.

  • Backup and recovery procedures: Maintain regular backups and have a comprehensive recovery procedure. In case of an attack, this ensures minimal disruption and quick restoration of services.

By following these practices, you can drastically reduce the risk of POS malware attacks and ensure that your business and customer data remain protected. Learn more about how Stripe helps safeguard businesses against POS malware.

More articles

Ready to get started?

Create an account and start accepting payments—no contracts or banking details required. Or, contact us to design a custom package for your business.