Criminals love credit cards. As a new white paper from Symantec pointed out, credit card-related theft is one of the earliest types of cybercrime, and as we’ve seen by the recent retail breaches, credit and debit cards remain a prime target. The white paper added that Point of Sale (POS), the point at which the retailer first gathers credit card data, has become a favorite way for the bad guys to steal the data. The reason they like it so much is simple: Security hasn’t kept up with technology. These gaps make it easier than ever for thieves to take aim at retail credit card data by using POS malware.
In a Symantec blog post, Orla Cox explained:
POS malware exploits a gap in the security of how card data is handled. While card data is encrypted as it’s sent for payment authorization, it’s not encrypted while the payment is actually being processed, i.e. the moment when you swipe the card at the POS to pay for your goods. . . . Most POS systems are Windows-based, making it relatively easy to create malware to run on them.<