Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Target Data Breach - Point-of-Sale RAM scraping malware

PC World shares early findings on this massive and well-planned data breach. Like Australia and Europe, the USA needs to migrate away from the decades-old magnetic stripe card approach. A modern smart card system with embedded chip technology would improve consumer safety. The new card reader technologies are a significant change and expense for all participants, on the scale of going from analog to digital TVs in 2009.

However, improved credit card standards are a positive step and save costs in the long run. In the 12 months leading up to June 2013, after Australia implemented EMV standards, fraudulent charges from counterfeit cards dropped by 29 percent, according to a report from the Australia Payments Clearing Association.
 
 
QUOTE: Target CEO Gregg Steinhafel said: “We don’t know the full extent of what transpired, but what we do know is that there was malware installed on our point-of-sale registers. That much we’ve established.”  
 
Malware programs designed for PoS systems are commonly referred to as RAM scrapers, because they search the terminal’s random access memory (RAM) for transaction data and steal it.  PoS systems are actually computers with peripherals like card readers and keypads attached to them. Many of these systems run a version of Windows Embedded as the OS as well as special cash register software.
 
Every time people swipe their card at a PoS terminal to authorize a transaction, the data encoded on the card’s magnetic stripe—like the card’s number, the cardholder’s name, the card’s expiration date—is passed along with the transaction request to the payment application and then to the company’s payment processing provider.
 
While this information is encrypted as it leaves the PoS system and the company’s network, there’s a period of time when it’s stored in the system’s RAM in cleartext and can be read by malware installed on the machine, which is what seems to have happened in the Target case.
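
The cleartext window described above is something a defender can test for. The following is an added example, not code from PC World or this blog: a cardholder-data discovery check that scans a captured memory image or log buffer for unencrypted magnetic-stripe records and reports only masked card numbers. The Track 1 and Track 2 layouts follow ISO/IEC 7813; the function names and the sample buffer are constructed for illustration.

```python
import re

# ISO/IEC 7813 layouts: Track 1 "%B<PAN>^<NAME>^<YYMM>...?", Track 2 ";<PAN>=<YYMM>...?"
TRACK1 = re.compile(rb"%B(\d{12,19})\^([^^\x00-\x1f]{2,26})\^(\d{4})[^?\x00-\x1f]{0,60}\?")
TRACK2 = re.compile(rb";(\d{12,19})=(\d{4})\d{0,30}\?")


def luhn_ok(pan: bytes) -> bool:
    """Luhn checksum: filters out digit runs that merely look like a card number."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = ch - 48  # ASCII digit to int
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(pan: bytes) -> str:
    """Keep only first 6 / last 4 digits so the finding itself holds no full PAN."""
    s = pan.decode()
    return s[:6] + "*" * (len(s) - 10) + s[-4:]


def find_cleartext_tracks(buf: bytes):
    """Return sorted (offset, track, masked_pan) for each Luhn-valid record in buf."""
    hits = []
    for name, rx in (("track1", TRACK1), ("track2", TRACK2)):
        for m in rx.finditer(buf):
            if luhn_ok(m.group(1)):
                hits.append((m.start(), name, mask(m.group(1))))
    return sorted(hits)


# Constructed sample buffer: 4111111111111111 is a well-known test PAN, not a real card.
SAMPLE = (
    b"\x00\x17heap" + b"%B4111111111111111^DOE/JANE^25121010000000000?"
    + b"\x00" * 8 + b";4111111111111111=25121010000000000?"
    + b"\x00pad;4111111111111112=25121010000000000?"      # fails Luhn, ignored
    + b"\x00enc:" + bytes.fromhex("9f3ac1d27e0b55a84c")   # stand-in for encrypted data
)

if __name__ == "__main__":
    for off, track, pan in find_cleartext_tracks(SAMPLE):
        print(f"offset {off}: cleartext {track} data, PAN {pan}")
```

Any hit in an image taken from a payment terminal means track data was resident unencrypted at capture time, which is the exposure the article describes.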