Point of Sale (Pos) systems that take payments for goods and services for the hospitality and retail industries really serve as the point-of-strike for cyber criminals stealing credit card information.\r\n\r\nApplebee\u2019s, a popular restaurant chain, is the latest to find malware on their PoS systems that infected more than 160 restaurants across the United States. The malware was designed to secure names, credit or debit card numbers, expiration dates, and card verification codes.\r\n\r\nApplebee\u2019s is not alone in this predicament. Other companies have suffered the same indignities through their PoS systems, and the trend will continue.\r\nPoint-of-Strike\r\nCybercriminals have scoured the computer systems for the hospitality and retail industries and found an easy way into the store network through the PoS workstation. This part of the system doesn\u2019t check when someone has approved access to perform critical functions, as discovered by researchers at ERPScan. The red cloak is raised, and cybercriminals just need to connect a $25 (\u00a317) Raspberry Pi to the network to upload malicious code to come charging into the network.\r\n\r\nMalicious software like PoSeidon, Alina, vSkimmer, Dexter, and FYSNA are uploaded to gather credit card information and send it back to the cyber criminal\u2019s server. Another kind of point-of-sale malware discovered by researchers at Forcepoint hides inside DNS requests to steal credit card data. This UDPoS hides in a DNS request to steal credit card data, which makes it a little more stealth and harder to detect.\r\n\r\nThe other opening for cyber criminals is third-party suppliers that subcontract with restaurants and retailers. Those organizations, in turn, hire other companies creating a long chain of providers that handle sensitive data. It is in this chain that credit card information is potentially exposed.\r\nCorralling \u2018the bull\u2019\r\nThe only way to combat this barrage of cyberattacks is to continuously monitor PoS devices and install patches regularly. In the case of the Forever 21 PoS breach, for example, the fraudsters took advantage of some PoS devices that were not updated with the latest security.\r\n\r\nNeutralizing the credit card information after a breach is another way to combat fraudulent transactions. Restaurants, retailers, and other companies offering services in the card-not-present (CNP) channel need to identify customers by means that don\u2019t rely on the \u2013 potentially stolen \u2013 static data. By analysing the user\u2019s online behaviour through hundreds of other identifiers that hackers can\u2019t imitate or steal, the stolen data is not useful anymore.\r\n\r\nMulti-layered security solutions that include passive biometrics and behavioural analytics allow vendors to protect customers whose data was stolen while avoiding fraud from happening in their environment.\r\n\r\n\r\n\r\nNuData Security is an award-winning passive biometrics and behavioral analytics company. Our flagship product, NuDetect, helps companies identify users based on their online interactions - behavior that can't be mimicked or replicated by a third party.