The Retail POS System Malware Epidemic | Transaction Services

The one thing every retailer dreads is a hack or other form of security breach. However, the vast amounts of personal data a POS system can hold will always be a target for criminals. Most credit card/debit card payments are made via POS systems, which results in rich pickings for cybercriminals or gangs seeking huge volumes of payment card data they can exploit.

Malware: Every Business Is a Target

Throughout 2016, there have been numerous reports of attacks against retail point of sale systems, and they were rarely out of the news during the summer. Major companies that were targeted include clothing company Eddie Bauer and a variety of hotel chains, and designer handbag company Vera Bradley announced a possible infection.

However, it is not just high profile companies that are the focus of malware. In a report entitled Hazards Ahead: Current Vulnerabilities Prelude Impending Attacks, Trend Micro highlighted how small and medium sized businesses were being targeted because of their weak security. Start-up companies often don’t have a budget to implement strong security measures either. But with 45 per cent of small businesses falling victim to POS malware, and warnings that attacks are becoming more aggressive, every company needs to act to reduce its risks.

The Rising Rate of Malware Attacks

In 2015, security firm Gemalto says there were 1,500 malware attacks. Most of these were against merchants, and POS systems were the main target; data security experts have warned that it is likely cybercriminals will continue to target these vulnerabilities in the future.

Why the apparent increase? One of the theories is the change to chip cards that is currently underway in the United States. FireEye Threat Intelligence concluded that cybercriminals were in a rush to infect systems before the changeover to chip cards is complete, as chip cards will be more difficult to exploit. However, it was always feared that with the change to EMV underway, fraudsters would turn their attention to softer targets.

Another explanation contributing to the rise could be the changes in the way we pay: the more payment options there are, the more possible vulnerabilities there are to exploit. The rate of mobile commerce is steadily increasing, as is the use of mobile wallets – and there are calls for a greater focus on app security to counter mobile malware attacks.

However, lax security in general is a problem, too. POS systems need to be patched and kept updated to help guard against newly identified vulnerabilities. If your company’s POS system is reliant on Windows XP, or other versions that are no longer supported by Microsoft, this also poses a security risk. Moreover, there are multiple ways of infecting a system, which naturally increases the possibility of an attack.

The Increasing Availability of Malware

Credit card/debit card skimming is one of the favored ways of obtaining credit card data. However, malware is increasingly easy to obtain. It can be found through forums on the dark web or custom made for criminals who want to target POS systems for the data they hold. In addition, more families of POS malware are being identified, and malware is easy to spread through email attachments or botnets.

BlackPOS is just one form of malware that has been a regular feature on underground forums, and FastPoS has recently been making headlines. Once created, malware will exploit a vulnerability on a system, and once the details have been obtained, the data can be sold in large volumes for just a few cents at a time.

However, a further factor that makes malware attractive to cybercriminals is its affordability – and sometimes it can be found online for free.

New Vulnerabilities

As new vulnerabilities are identified, new ways of exploiting them are always quick to follow, and there are several reasons why POS systems can be vulnerable to such attacks. For instance, the firmware and software that come with them aren’t always up to date with the latest in security standards.

In the past, there have been several alleged weaknesses identified in the security of POS systems, and unfortunately, there are more just waiting to be discovered.

In a recent report, threat detection company Attivo Networks warns that it has identified vulnerabilities that have the potential to cause significant breaches throughout the holiday period and into 2017.

The report explains how cybercriminals can remain undetected while they find a way to compromise a POS system. Because of this, Tushar Kothari, CEO of Attivo Networks, has predicted a ‘significant increase’ in POS attacks throughout 2017 and added that systems have probably already been breached, so retailers need to be on their guard.

Protecting Your POS System Against Malware

There are several steps you can take to reduce your risks. However, don’t ever be complacent, even if you think you are doing enough. Follow these tips to help protect your business against POS malware.

  • Begin with the basics. Make sure that your POS system is up to date with patches, fresh updates/upgrades, and if the manufacturer uses a default password, make sure it is changed.
  • Always get your POS fitted by a qualified installer – a poorly installed POS system is more vulnerable to attack.
  • Keep software up to date.
  • Implement multiple layers of security.
  • It is advised not to connect your POS system to the Internet, and to disable website browsing. If you do connect to the Internet, proper security measures and website restrictions should be in place.
  • Ask your merchant services provider about the specific security measures you should take for your model, and what security measures are already in place.

POS malware attacks are becoming increasingly sophisticated, and it’s a major threat that isn’t going away. As the way we pay for items evolves, so will POS malware; key loggers, file and network scrapers, and other forms of malware will all remain a threat both now and into the future.

With the rise of more sophisticated and aggressive attacks, and with thousands – or potentially millions – of customers’ card data at stake, every business must do its bit to reduce its risk of malware.