New Orleans, Louisiana
June 26, 2016
June 26, 2016
August 28, 2016
Computing & Information Technology
Abstract - Point of Sale (PoS) malware has been alarmingly successful over the past year and is estimated to have cost businesses billions of dollars. While PoS malware does not represent any major technical evolution, it suggests that cybercrime is shifting focus from the consumer to the retailer. Rather than relying on infecting relatively small groups of users with specific vulnerabilities who may conduct e-commerce a few times per month, PoS malware is able to take advantage of standardized point-of-sale deployments in the retail sector to affect thousands of systems, each reading credit-card information hundreds or even thousands of time per day.
In this paper we discuss the trends and evolution of point of sale malware. Case studies of three specific malware families are examined and recommendations are made to harden systems against similar attacks in the future. We conclude with a list of general recommendations which, if implemented, would significantly reduce both the likelihood and impact of a PoS malware attack.
ASEE holds the copyright on this document. It may be read by the public free of charge. Authors may archive their work on personal websites or in institutional repositories with the following citation: © 2016 American Society for Engineering Education. Other scholars may excerpt or quote from these materials with the same citation. When excerpting or quoting from Conference Proceedings, authors should, in addition to noting the ASEE copyright, list all the original authors and their institutions and name the host city of the conference. - Last updated April 1, 2015