Browse Definitions:
Definition

POS malware (point-of-sale malware)

Contributor(s): Matthew Haughn

Point-of-sale malware (POS malware) is malicious software expressly written to steal customer payment data -- especially credit card data -- from retail checkout systems. Criminals often purchase POS malware to steal customer data from a retail organization with the intention of selling the data rather than using it directly.

There two ways to target a store's customer credit card data: The attacker can infiltrate databases where the data is stored or intercept the data at the point of sale (POS). While there are physical methods that can be used to steal data at these points, those methods require access to the point-of-sale equipment and generally expensive hardware as well. One such method uses an additional reader attached to the store’s card reader.  The second device reads and stores track two card data for the swipe payment. Track two magnetic stripe data includes the primary card number and security code, as well as other information such as what types of charges are permitted.

POS malware is a much simpler and less risky way of obtaining that data without ever setting foot on the premises. POS malware is a type of memory scraper that hunts for data in the correct format for track 2 credit card data. This data is only available unencrypted in memory very briefly. However, memory scraping malware is designed to gather it instantly when it is detected. The credit card info is then sent to the attacker’s remote computers, to be subsequently sold on underground sites.

Some examples of POS malware include Chewbacca, Backoff, BlackPOS and Kaptoxa.

This was last updated in January 2015

Continue Reading About POS malware (point-of-sale malware)

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCompliance

  • PCAOB (Public Company Accounting Oversight Board)

    The Public Company Accounting Oversight Board (PCAOB) is a Congressionally-established nonprofit that assesses audits of public ...

  • cyborg anthropologist

    A cyborg anthropologist is an individual who studies the interaction between humans and technology, observing how technology can ...

  • RegTech

    RegTech, or regulatory technology, is a term used to describe technology that is used to help streamline the process of ...

SearchSecurity

  • Advanced Encryption Standard (AES)

    The Advanced Encryption Standard, or AES, is a symmetric block cipher used by the U.S. government to protect classified ...

  • identity theft

    Identity theft, also known as identity fraud, is a crime in which an imposter obtains key pieces of personally identifiable ...

  • spear phishing

    Spear phishing is an email-spoofing attack that targets a specific organization or individual, seeking unauthorized access to ...

SearchHealthIT

SearchDisasterRecovery

  • call tree

    A call tree -- sometimes referred to as a phone tree -- is a telecommunications chain for notifying specific individuals of an ...

  • mass notification system (MNS)

    A mass notification system is a platform that sends one-way messages to inform employees and the public of an emergency.

  • disaster recovery as a service (DRaaS)

    One approach to a strong disaster recovery plan is DRaaS, where companies offload data replication and restoration ...

SearchStorage

  • CIFS (Common Internet File System)

    CIFS (Common Internet File System) is a protocol that gained popularity around the year 2000, as vendors worked to establish an ...

  • GlusterFS (Gluster File System)

    GlusterFS (Gluster File System) is an open source distributed file system that can scale out in building-block fashion to store ...

  • virtual memory

    Virtual memory is a memory management capability of an OS that allows a computer to compensate for physical memory shortages by ...

SearchSolidStateStorage

  • Tier 0

    Tier 0 (tier zero) is a level of data storage that is faster, and perhaps more expensive, than any other level in the storage ...

  • PCIe SSD (PCIe solid-state drive)

    A PCIe SSD (PCIe solid-state drive) is a high-speed expansion card that attaches a computer to its peripherals.

  • SSD caching

    SSD caching, also known as flash caching, is the temporary storage of data on NAND flash memory chips in a solid-state drive so ...

SearchCloudStorage

  • RESTful API

    A RESTful application program interface breaks down a transaction to create a series of small modules, each of which addresses an...

  • cloud storage infrastructure

    Cloud storage infrastructure is the hardware and software framework that supports the computing requirements of a private or ...

  • Zadara VPSA and ZIOS

    Zadara Storage provides block, file or object storage with varying levels of compute and capacity through its ZIOS and VPSA ...

Close