Last year was remarkably tainted with the number of data breaches involving notable retail companies in the United States such as Target, Neiman Marcus, Michaels, and White Lodging. The incidents resulted in cases of unauthorized access, stolen data and credit/debit card account info, making 2013 the most attacked year in history. In the wake of these attacks, more data breaches were revealed early this year, including a breach at Fazio Mechanical Services, a heating and refrigerating company. Other retail companies, such as eBay, Spec’s, and St, Joseph’s Health System, were also compelled to disclose that they've been breached as well.
This time of year also marks Target’s massive point-of-sale (PoS) systems breach using Black PoS malware, a PoS RAM scraper that scrapes card information from point-of-sales systems. According to reports, an estimated 40 million credit and debit card numbers were stolen, along with 70 million personal records of Target shoppers. Additionally, island hopping was another tactic attackers used to gain access to its PoS networks.
According to a recent report, Kmart’s PoS registers were compromised by malicious software that stole users' credit and debit card information. While they claim that the new type of malware has been removed, there is still an ongoing investigation that involves inspecting the remnants of malware and containing the breach. Adding up to list of recent incidents is the Dairy Queen breach that resulted in stolen customer data including names and statements across 395 locations nationwide.
It's safe to assume that cybercriminals behind PoS RAM scraper malware are going to continue to target retail companies, mainly because the high volume of credit transactions they process make them lucrative targets. Security experts also believe that PoS systems will continuously be hacked, which is why it’s critical for brick-and-mortar merchants to take preventive security measures like securing both PoS devices and networks, deploying patches, and complying to Payment Card Industry security guidelines. However, it is also recommended to go beyond PCI compliance and strengthen anti-malware security by employing robust security software.
Customers must also regularly check their credit card reports and statements, and make sure that operating systems and applications running across all devices must be fully up-to-date. Lastly, it's also advisable to install security software that has the proper solutions to fight banking-related malware and attacks.
Like it? Add this infographic to your site: 1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).