News & Resources

New malware targeting point-of-sale

Mar 28, 2013 Dave King

In the electronic payments industry, malware is no new trend. These threats have been around for years, and all signs point to attacks continuing. Antivirus firm McAfee recently announced the discovery of a strain that may target point-of-sale technology to steal vulnerable information.

According to PCWorld, the company found vSkimmer, a Trojan that infects Windows computers with payment card readers attached, in February. The malware is currently being marketed on internet forums to criminals intent on committing identity fraud.

The source explained that vSkimmer searches a computer's memory to find the data stored on an electronic payment card's magnetic strip. The virus does not work in many countries outside the United States due to its incompatibility with EMV technologies. However, PCWorld claimed a recent announcement on a cybercriminal forum promised that this capability is in development.

While vSkimmer should be a major concern for merchants, it isn't the first virus to target point-of-sale systems. Bank Info Security warned of similar dangers earlier this month, including a Trojan referred to as Dexter that enters electronic payments terminals and searches for card data in the memory. The attack is mostly used against retail stores, hotels and restaurants.

"The biggest worry, when it comes to network compromises, is not just the card data, but the user's [personally identifiable information]," Toralv Dirro, a security strategist for McAfee Labs, told the Bank Info Security. "When a network is breached, it usually affects a large number of users, and there is usually more info stored there than should be."

Dirro explained that in many cases merchants have not done enough to protect patrons' sensitive information, and that implementing more advanced protection solutions is a necessity to keep up with perpetually-evolving cybersecurity threats. Customers' consumer credit reports depend on companies eschewing the easy route and instead prioritizing safety.