Browse Definitions:
Definition

POS malware (point-of-sale malware)

Contributor(s): Matthew Haughn

Point-of-sale malware (POS malware) is malicious software expressly written to steal customer payment data -- especially credit card data -- from retail checkout systems. Criminals often purchase POS malware to steal customer data from a retail organization with the intention of selling the data rather than using it directly.

There two ways to target a store's customer credit card data: The attacker can infiltrate databases where the data is stored or intercept the data at the point of sale (POS). While there are physical methods that can be used to steal data at these points, those methods require access to the point-of-sale equipment and generally expensive hardware as well. One such method uses an additional reader attached to the store’s card reader.  The second device reads and stores track two card data for the swipe payment. Track two magnetic stripe data includes the primary card number and security code, as well as other information such as what types of charges are permitted.

POS malware is a much simpler and less risky way of obtaining that data without ever setting foot on the premises. POS malware is a type of memory scraper that hunts for data in the correct format for track 2 credit card data. This data is only available unencrypted in memory very briefly. However, memory scraping malware is designed to gather it instantly when it is detected. The credit card info is then sent to the attacker’s remote computers, to be subsequently sold on underground sites.

Some examples of POS malware include Chewbacca, Backoff, BlackPOS and Kaptoxa.

This was last updated in January 2015

Continue Reading About POS malware (point-of-sale malware)

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCompliance

SearchSecurity

  • password

    A password is an unspaced sequence of characters used to determine that a computer user requesting access to a computer system is...

  • adware

    Adware is any software application in which advertising banners are displayed while a program is running.

  • botnet

    A botnet is a collection of internet-connected devices, which may include PCs, servers, mobile devices and internet of things ...

SearchHealthIT

SearchDisasterRecovery

  • call tree

    A call tree -- sometimes referred to as a phone tree -- is a telecommunications chain for notifying specific individuals of an ...

  • mass notification system (MNS)

    A mass notification system is a platform that sends one-way messages to inform employees and the public of an emergency.

  • disaster recovery as a service (DRaaS)

    One approach to a strong disaster recovery plan is DRaaS, where companies offload data replication and restoration ...

SearchStorage

  • data migration

    Data migration is the process of transferring data between data storage systems, data formats or computer systems.

  • compact disc (CD)

    A compact disc is a portable storage medium that can be used for recording, storing and playing back audio, video and other data ...

  • secondary storage

    Secondary storage is used to protect inactive data written from a primary storage array to a nonvolatile tier of disk, flash or ...

SearchSolidStateStorage

  • SSD RAID (solid-state drive RAID)

    SSD RAID (solid-state drive RAID) is a methodology commonly used to protect data by distributing redundant data blocks across ...

  • Tier 0

    Tier 0 (tier zero) is a level of data storage that is faster, and perhaps more expensive, than any other level in the storage ...

  • PCIe SSD (PCIe solid-state drive)

    A PCIe SSD (PCIe solid-state drive) is a high-speed expansion card that attaches a computer to its peripherals.

SearchCloudStorage

  • RESTful API

    A RESTful application program interface breaks down a transaction to create a series of small modules, each of which addresses an...

  • cloud storage infrastructure

    Cloud storage infrastructure is the hardware and software framework that supports the computing requirements of a private or ...

  • Zadara VPSA and ZIOS

    Zadara Storage provides block, file or object storage with varying levels of compute and capacity through its ZIOS and VPSA ...

Close