You’ve probably heard of the 2013 uber-breach at Target in which criminals gained access to about 40 million customer credit cards. That’s just the best known of numerous data breaches that “target” point-of-sale, or POS, systems.
Criminals can steal physical credit cards or hack into databases where credit card data is stored. But another way is to install malware at the checkout counter—in the POS systems that run your credit cards. Since the malware may not be discovered for months or even years, the hackers can acquire millions of credit cards and other customer data.
Let’s look at three examples of POS breaches, all reported this summer. In the first example, hackers installed malware in the POS systems at HEI Hotels & Resorts, which operates about 50 hotels across the U.S. The malware was designed to capture payment card data as it traveled between systems—and apparently it did so for more than a year.
Another recent POS attack occurred at clothing store chain Eddie Bauer, which said it had detected malicious software in the POS systems at all of its more than 350 stores in North America. Credit cards used at those stores during the first six months of the year may have been compromised.
Perhaps most concerning, in August it was reported that an organized group of Russian cybercriminals breached hundreds of computer systems at Oracle. They also appear to have compromised a customer support portal for organizations that use MICROS, Oracle’s POS credit card payment system. The problem? MICROS is one of the three largest POS vendors, selling POS systems used at more than 330,000 cash registers worldwide.
If these POS breaches make you a little nervous about handing over your credit or debit card, well, they should. Aside from paying with cash or checks, there’s no way to completely eliminate the risk. But be sure to change your PINs regularly, use chip-enabled cards, check your billing statements every month, and consider purchasing additional fraud protection.