Threat Category: NFC-based
ID: PAY-1
Threat Description: Attackers could potentially plant malware on Point of Sale (POS) terminals to collect credit card numbers and other private information.
Threat Origin
Demystifying Point of Sale Malware and Attacks 1
Exploit Examples
Home Depot Hit By Same Malware as Target 2
CVE Examples
Not Applicable
Possible Countermeasures
To mitigate the potential losses incurred as a result of successful PoS attacks, configure mobile payment services to use accounts with limited funds available for purchases, such as pre-paid cards, maximum transaction amounts, or daily spending limits.
To reduce the time to detection for compromised mobile payment information, perform regular review of statements for accounts for unauthorized transactions.
EnterpriseTo reduce the time to detection for compromised mobile payment information, perform regular review of statements for accounts for unauthorized transactions.
Point-of-Sale AdministratorsFollow security best practices regarding the protection of point-of-sale systems. See Malware Targeting Point of Sale Systems 3
References
O. Cox, “Demystifying Point of Sale Malware and Attacks”, blog, 25 Nov. 2015; www.symantec.com/connect/blogs/demystifying-point-sale-malware-and-attacks [accessed 8/24/2016] ↩
Home Depot Hit By Same Malware as Target, 14 Sept. 2014; http://krebsonsecurity.com/2014/09/home-depot-hit-by-same-malware-as-target/ [accessed 8/24/2016] ↩
Malware Targeting Point of Sale Systems, US-CERT alert TA14-002A, US-CERT, 5 Feb. 2014; www.us-cert.gov/ncas/alerts/TA14-002A [accessed 8/25/2016] ↩