Understanding and responding to POS malware

Last updated: January 2015

Editor's note

Starting in 2013, attacks on the point-of-sale systems of major retailers like Staples, Target and Neiman Marcus made us painfully aware of the threat that POS malware poses. Retailers like these held caches of immensely valuable data, including credit card numbers and personally identifiable information (PII). And hackers got hold of it.

This guide explores the nature of the threat, primarily by reviewing the story of the point-of-sale malware breaches of the past year, and examines the damage done. It also proposes strategies that retailers and security pros can adopt to prevent the next POS malware disaster.

1. The nature of the POS malware beast today

As 2014 ended and 2015 began, experts began assessing the nature of the threat POS malware poses now, and noticed some interesting characteristics and recent changes. For instance, while the number of attacks may be dropping, they are just as deadly to retailers. The time lag between attack and detection (not to mention alerting the consumer) is a source of danger, too.

2. Defending a POS system

POS systems are everywhere, and hackers are too -- and they are determined to get to the valuable data those systems contain. Is there no hope? It's a tough security issue, but there are things professionals in the security field, and retail system managers, can do to make it tougher for the bad guys and, with luck, keep them out altogether. This section walks through how to create the most secure point-of-sale system and network possible.