FBI Warns Stores To Prepare For More Credit Card Hacks

The recent malware attacks on payment systems at Target and Neiman Marcus may be getting all the headlines, but they weren’t the first such breaches, and they won’t be the last. This week, the FBI issued a warning to retailers, telling them to prepare for the inevitable hack attempts to come.

“We believe POS [point-of-sale] malware crime will continue to grow over the near term, despite law enforcement and security firms’ actions to mitigate it,” reads an FBI report recently sent to a number of the nation’s retail chains, according to Reuters. “The accessibility of the malware on underground forums, the affordability of the software and the huge potential profits to be made from retail POS systems in the United States make this type of financially motivated cyber crime attractive to a wide range of actors.”

The FBI says there have been about 20 cases of POS malware attacks that it knows of in the last year.

Unlike some data breaches that involve hackers breaking into retailers’ databases, POS malware attacks capture credit card information as it is swiped at a credit card terminal. Through a process dubbed “RAM scraping,” the malware reads card data in plain text during the brief period in which that information sits unencrypted in the computer’s memory.

Wannabe cyber-criminals can purchase versions of POS malware in the back alleys of the Internet for a few thousand dollars, which is a small investment for people who could use the malware to capture thousands or millions of credit card numbers that are then re-sold.

“The high dollar value gained from some of these compromises can encourage intruders to develop high sophistication methodologies, as well as incorporate mechanisms for the actors to remain undetected,” reads the FBI report.

The National Retail Federation tells Reuters that “Retailers have been and remain vigilant in their efforts to provide the highest level of security for their data systems in order to protect against malicious and criminal acts… you can be sure that the retail industry will be responsive and engaged to ensure this particular cyber-attack does not happen again.”

According to the FBI report, the bulk of the malware attacks it knows of have involved small to mid-size retail operations, which don’t always have the sophisticated systems used by large national retailers.
