Asee peer logo

A Call to Arms: Defending Against Point of Sale Malware

Download Paper |


2016 ASEE Annual Conference & Exposition


New Orleans, Louisiana

Publication Date

June 26, 2016

Start Date

June 26, 2016

End Date

August 28, 2016





Conference Session

Information and Network Security

Tagged Division

Computing & Information Technology

Page Count




Permanent URL

Download Count


Request a correction

Paper Authors


Sarah A. Cunha

visit author page

Sarah Cunha is a student at Brigham Young University studying Information Technology with an emphasis in Cyber Security. She is originally from Dos Palos, California. She has participated in multiple Collegiate Cyber Defense Competitions and Capture the Flag events and currently is employed as a Research Assistant in the BYU Cyber Security Research Laboratory. Sarah is an active member of the BYU Red Team which has participated in several penetration tests for departments on campus, and businesses in the local area. Sarah has come to love both offensive and defensive cyber security and is currently planning on pursuing a Masters degree emphasizing Cyber Security.

visit author page


Dale C. Rowe Brigham Young University

visit author page

Dr. Rowe has worked for nearly two decades in security and network architecture with a variety of industries in international companies. He has provided secure enterprise architecture on both military and commercial satellite communications systems. He has also advised and trained both national and international governments on cyber-security.
Since joining Brigham Young University in 2010, he has designed a variety of courses on Information Assurance, Cyber Security, Penetration Testing, Cyber Forensics and Systems Administration and published over a dozen papers in cyber-security.

visit author page

Download Paper |



Abstract - Point of Sale (PoS) malware has been alarmingly successful over the past year and is estimated to have cost businesses billions of dollars. While PoS malware does not represent any major technical evolution, it suggests that cybercrime is shifting focus from the consumer to the retailer. Rather than relying on infecting relatively small groups of users with specific vulnerabilities who may conduct e-commerce a few times per month, PoS malware is able to take advantage of standardized point-of-sale deployments in the retail sector to affect thousands of systems, each reading credit-card information hundreds or even thousands of time per day.

In this paper we discuss the trends and evolution of point of sale malware. Case studies of three specific malware families are examined and recommendations are made to harden systems against similar attacks in the future. We conclude with a list of general recommendations which, if implemented, would significantly reduce both the likelihood and impact of a PoS malware attack.

Cunha, S. A., & Rowe, D. C. (2016, June), A Call to Arms: Defending Against Point of Sale Malware Paper presented at 2016 ASEE Annual Conference & Exposition, New Orleans, Louisiana. 10.18260/p.26259

ASEE holds the copyright on this document. It may be read by the public free of charge. Authors may archive their work on personal websites or in institutional repositories with the following citation: © 2016 American Society for Engineering Education. Other scholars may excerpt or quote from these materials with the same citation. When excerpting or quoting from Conference Proceedings, authors should, in addition to noting the ASEE copyright, list all the original authors and their institutions and name the host city of the conference. - Last updated April 1, 2015