Threat Category: NFC-based
Threat Description: Attackers could potentially plant malware on Point of Sale (POS) terminals to collect credit card numbers and other private information.
Demystifying Point of Sale Malware and Attacks 1
Home Depot Hit By Same Malware as Target 2
To mitigate the potential losses incurred as a result of successful PoS attacks, configure mobile payment services to use accounts with limited funds available for purchases, such as pre-paid cards, maximum transaction amounts, or daily spending limits.
To reduce the time to detection for compromised mobile payment information, perform regular review of statements for accounts for unauthorized transactions.Enterprise
To reduce the time to detection for compromised mobile payment information, perform regular review of statements for accounts for unauthorized transactions.Point-of-Sale Administrators
Follow security best practices regarding the protection of point-of-sale systems. See Malware Targeting Point of Sale Systems 3
O. Cox, “Demystifying Point of Sale Malware and Attacks”, blog, 25 Nov. 2015; www.symantec.com/connect/blogs/demystifying-point-sale-malware-and-attacks [accessed 8/24/2016] ↩
Home Depot Hit By Same Malware as Target, 14 Sept. 2014; http://krebsonsecurity.com/2014/09/home-depot-hit-by-same-malware-as-target/ [accessed 8/24/2016] ↩
Malware Targeting Point of Sale Systems, US-CERT alert TA14-002A, US-CERT, 5 Feb. 2014; www.us-cert.gov/ncas/alerts/TA14-002A [accessed 8/25/2016] ↩