When consumers purchase goods or services from a retailer, the transaction is processed through what are commonly referred to as Point of Sale (POS) systems. POS systems consist of the hardware (e.g. the equipment used to swipe a credit or debit card and the computer or mobile device attached to it) as well as the software that tells the hardware what to do with the information it captures.
When consumers use a credit or debit card at a POS system, the information stored on the magnetic stripe of the card is collected and processed by the attached computer or device. The data stored on the magnetic stripe is referred to as Track 1 and Track 2 data. Track 1 data is information associated with the actual account; it includes items such as the cardholder’s name as well as the account number. Track 2 data contains information such as the credit card number and expiration date.
For quite some time, cyber criminals have been targeting consumer data entered in POS systems. In some circumstances, criminals attach a physical device to the POS system to collect card data, which is referred to as skimming. In other cases, cyber criminals deliver malware which acquires card data as it passes through a POS system, eventually exfiltrating the desired data back to the criminal. Once the cyber criminal receives the data, it is often trafficked to other suspects who use the data to create fraudulent credit and debit cards.
As POS systems are connected to computers or devices, they are also often enabled to access the internet and email services. Therefore, malicious links or attachments in emails as well as malicious websites can be accessed, and malware may subsequently be downloaded by an end user of a POS system. The return on investment is much higher for a criminal who infects one POS system, since it yields card data from many consumers.
There are several types of POS malware in use, many of which use a memory scraping technique to locate specific card data. Dexter, for example, parses memory dumps of specific POS software related processes looking for Track 1 and Track 2 data. Stardust, a variant of Dexter, not only extracts the same track data from system memory but also extracts the same type of information from internal network traffic. Researchers surmise that Dexter and some of its variants could be delivered to the POS systems via phishing emails, or that the malicious actors could be taking advantage of default credentials to access the systems remotely; both are common infection vectors. Network- and host-based vulnerabilities, such as weak credentials accessible over Remote Desktop, open wireless networks that include a POS machine, and physical access (unauthorized access or misuse), are all also candidates for infection.