Submit :
News                      Photos                     Just In                     Debate Topic                     Latest News                    Articles                    Local News                    Blog Posts                     Pictures                    Reviews                    Recipes                    
Beware! Your cards can be hacked at ATMs and POS terminals
With the recent reports of data breaches from ATMs involving over 3.5 million debit cards in India and banks rushing to block as many number of cards, warning bells should ring for those who frequently flash their plastic cards anywhere and anytime to shop, specially at unauthenticated or unsecured point of sale or payment terminals.
The incident also threw open a serious debate on how far our ATMs and Point of Sale payment structures are safe when malware experts adopt all new techniques to export vital credit/debit card details from POS terminals to their far exist servers.

Though it is still not clear that how much money was siphoned off from card holders' account and how banks are going to compensate customers, it is now clear that debit and credit card holders can't sit back and relax.

Recently, actress Nargis Fakhri lost her Rs 6 lakh to a fraudulent credit card transaction when her 'cloned' card was swiped in the US when she landed in India.

How do card breaches happen?

Many of the payment card breaches that were reported worldwide in the recent months were from hospitality and retail businesses. Hackers always look for easy target. Security experts say that POS systems are relatively easy to intrude since majority of them have older and easily accessible security protocols.

In majority cases, attackers use memory scraping malware, which is nothing but rogue software programs, to infect point-of-sale systems. But places like India, where the awareness on card breaches is abysmally low among card users and retailers, malware experts can adopt several easier ways to steal data, due to lack of encryption and authentication between POS payment systems and card readers, warn experts.

POS systems become easy target

POS terminals are specialized computers doing all necessary functions required for retail business. These systems mostly run Windows and have peripherals like touch screens, card readers with PIN pads, keyboards, receipt printers and barcode scanners. Every POS system has a particular payment application installed to handle transactions and other in-store works.

One of the common ways attackers steal credit/debit card data from POS terminals is by contaminating them with suitable malware program through remote support credentials or other techniques. These programs are known as RAM or memory scrapers because they look for credit card details from system's memory when it process payment applications.

Bhaskar Venkatraman, CEO of, a leading e-commerce firm exclusively deals with POS technology products in India, said: "Retailers and banks should take extra care while offering cash-less transaction services to customers at POS. Point to Point Encryption (PTPE) is an ideal way to protect customers' sensitive card details getting pilfered to unscrupulous hands. Here data from PIN pad to the payment processor can be encrypted. If P2PE is not possible on existing hardware, retailers should consider shielding the communication path between payment terminals and POS software with Transport Layer Security (TLS) and digitally sign all requests sent back to PIN pads by payment applications."

Mobile payments with digital wallet services should be used wherever is possible as they are safer than using conventional POS payment terminals, he suggested.

With malware experts finding Indian gateways too easy to indulge financial frauds, the service providers and IT experts should tighten the security screws more firmly to deny access of vital customer information to data card fraudsters.

Editorial NOTE: This article is categorized under Opinion Section. The views expressed in this article are solely those of the author and do not necessarily represent the views of In case you have a opposing view, please click here to share the same in the comments section.
Email Id
Verification Code
Email me on reply to my comment
Email me when other CJs comment on this article
Sign in to set your preference
merinews for RTI activists

Not finding what you are looking for? Search here.