2016 ASEE Annual Conference & Exposition

A Call to Arms: Defending Against Point of Sale Malware

Presented at Information and Network Security


Abstract - Point of Sale (PoS) malware has been alarmingly successful over the past year and is estimated to have cost businesses billions of dollars. While PoS malware does not represent any major technical evolution, it suggests that cybercrime is shifting focus from the consumer to the retailer. Rather than relying on infecting relatively small groups of users with specific vulnerabilities who may conduct e-commerce a few times per month, PoS malware is able to take advantage of standardized point-of-sale deployments in the retail sector to affect thousands of systems, each reading credit-card information hundreds or even thousands of time per day.

In this paper we discuss the trends and evolution of point of sale malware. Case studies of three specific malware families are examined and recommendations are made to harden systems against similar attacks in the future. We conclude with a list of general recommendations which, if implemented, would significantly reduce both the likelihood and impact of a PoS malware attack.

  1. Dr. Dale C. Rowe Brigham Young University [biography]
Download paper (382 KB)

Are you a researcher? Would you like to cite this paper? Visit the ASEE document repository at peer.asee.org for more tools and easy citations.