Stealing payment card data and PINs from POS systems is dead easy
Many of the large payment card breaches that hit retail and hospitality businesses in recent years were the result of attackers infecting point-of-sale systems with memory-scraping malware. But there are easier ways to steal this sort of data, due to a lack of authentication and encryption between card readers and the POS payment applications.
POS systems are specialized computers. They typically run Windows and have peripherals like keyboards, touch screens, barcode scanners and card readers with PIN pads. They also have specialized payment applications installed to handle transactions.
One of the common methods used by attackers to steal payment card data from PoS systems is to infect them with malware, via stolen remote support credentials or other techniques. These malware programs are known as memory or RAM scrapers because they scan the system’s memory for credit card data when it’s processed by the payment application on the POS system.