Increase in Point of Sale Malware Intrusions Possible During Holiday Season


Systems Affected

During the holiday season, PoS malware is a key method for cyber criminals to obtain millions of payment card numbers while compromising only a small number of networks. Although criminals often use PoS malware to target small and medium-sized retail establishments, recent high-profile data breaches at major retailers demonstrate that they are willing and able to compromise retailers of any size whose networks have security vulnerabilities.

Cyber criminals can use PoS malware to steal payment card data by remotely infecting PoS systems, without needing physical access to the cards or to the devices used to process them. Consequently, cyber criminals can compromise PoS systems at scale, increasing the number of potential victims. The use of PoS malware to steal credit or debit card information poses a significant threat to retail establishments, financial institutions, and the consumers whose data is compromised.

Threat Level



The FBI assesses that data breaches caused by point of sale (PoS) malware may increase during the holiday season. Retailers and merchants are encouraged to remain vigilant and to implement the best practices below in an effort to mitigate these attacks.


The FBI assesses that the use of PoS malware by cyber criminals may continue to rise because of the availability of PoS malware in the cyber underground, including new malware and variants of earlier malware, and because of the ongoing transition by US retailers to Europay, Mastercard, and Visa (EMV) chip cards.


Solution/Workarounds

Ensure your network security is compliant with the Payment Card Industry Data Security Standard (PCI DSS) 3.1.
Change default passwords, configurations, and encryption keys. Use strong passwords.
Keep anti-virus signatures up to date.
Ensure your operating system is up to date. Have your IT professional(s) review, test, and certify the need for and compatibility of each patch or update before installing it on your operating system or installed software.
Restrict access to the Internet on PoS systems.
Install and regularly update anti-malware solutions. credit card data on your network.
Harden PoS systems by removing network identifiers. Do not advertise PoS systems within your network.
Reimage PoS systems regularly. Compare the system before and after reimaging to detect any abnormal activity.
Implement stronger encryption methods, such as point-to-point encryption (P2PE), which deters cyber criminals from using PoS malware because card data is encrypted before the PoS software can read it.
Only allow required processes to run on PoS systems.
Implement two-factor authentication for remote access to PoS systems.
Ensure proper firewall rules are in place, allowing remote access only from known IP addresses.
Enable remote access only when needed. Contact your PoS vendor or integrator to take immediate steps to disable remote access when not in use.
Use the latest version of remote management applications.
Require customers with Chip and PIN cards to use EMV readers at PoS terminals.
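Several of the recommendations above (allow only required processes, compare the system before and after reimaging, permit remote access only from known IP addresses) amount to comparing a PoS host against a known-good baseline. The following Python script is an added example, not part of the FBI or Sri Lanka CERT advisory; it assumes you already collect per-host snapshots (running process names, file hashes, and source addresses seen on the remote-management port) by some other means, and all data below is constructed for illustration.

```python
"""Compare a PoS host snapshot against a known-good baseline (added example)."""
import hashlib
import ipaddress


def sha256_hex(data: bytes) -> str:
    """Hash file content so that file changes can be compared across reimages."""
    return hashlib.sha256(data).hexdigest()


def compare_snapshots(baseline, current, allowed_processes, allowed_remote_nets):
    """Return deviations of `current` from `baseline` and from the host policy.

    Each snapshot is {"processes": set[str], "files": {path: sha256}, "peers": set[str]}.
    """
    nets = [ipaddress.ip_network(n) for n in allowed_remote_nets]
    return {
        # anything running that is not on the explicit allowlist of required processes
        "unexpected_processes": sorted(
            p for p in current["processes"] if p not in allowed_processes),
        # files present in the baseline whose content has changed since reimaging
        "changed_files": sorted(
            path for path, digest in current["files"].items()
            if path in baseline["files"] and baseline["files"][path] != digest),
        # files that did not exist on the clean image at all
        "new_files": sorted(
            path for path in current["files"] if path not in baseline["files"]),
        # remote-management peers outside the networks the firewall should permit
        "unapproved_peers": sorted(
            ip for ip in current["peers"]
            if not any(ipaddress.ip_address(ip) in net for net in nets)),
    }


def is_clean(findings) -> bool:
    """True when no deviation category has any entries."""
    return not any(findings.values())


# Constructed policy and snapshots (hypothetical paths, names and documentation IP ranges).
ALLOWED_PROCESSES = {"pos.exe", "svchost.exe", "explorer.exe"}
ALLOWED_REMOTE_NETS = ["203.0.113.0/24"]
HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"
BASELINE = {
    "processes": {"pos.exe", "svchost.exe", "explorer.exe"},
    "files": {r"C:\POS\pos.exe": sha256_hex(b"constructed pos binary v1"),
              HOSTS_PATH: sha256_hex(b"127.0.0.1 localhost")},
    "peers": set(),
}
CURRENT_SNAPSHOT = {
    "processes": {"pos.exe", "svchost.exe", "explorer.exe", "updater_tmp.exe"},
    "files": {r"C:\POS\pos.exe": sha256_hex(b"constructed pos binary v1"),
              HOSTS_PATH: sha256_hex(b"127.0.0.1 localhost\n203.0.113.9 vendor"),
              r"C:\Windows\Temp\out.tmp": sha256_hex(b"unknown content")},
    "peers": {"203.0.113.10", "198.51.100.7"},
}
```

Run `compare_snapshots(BASELINE, CURRENT_SNAPSHOT, ALLOWED_PROCESSES, ALLOWED_REMOTE_NETS)` on the constructed data and every category reports exactly one deviation; on real hosts, treat any non-empty result as a trigger for investigation before the terminal returns to service.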



Contact the FBI's National Press Office at (202) 324-3691.


The information provided herein is on an "as is" basis, without warranty of any kind.


© Copyright Sri Lanka CERT|CC. All Rights Reserved.