First Data has detected an increase in trolling, in which hackers test networks for remote access into open or poorly protected point-of-sale systems, with their chief target being smaller, Level 4 merchants that process less than 1 million transactions annually and are largely non-compliant with the PCI Data Security Standard. Such merchants are especially susceptible to compromises of debit and credit card data.
Meanwhile, the U.S. Secret Service's Erik Rasmussen warns that POS hacks are the most popular breach method for card fraudsters. He notes that almost 50 percent of the card breaches probed by the Secret Service involve malware, and the retail, food and beverage, and hospitality industries are the most vulnerable.
It is up to processors and banking institutions to spread awareness of POS attacks among Level 4 merchants, but many small retailers are still not cognizant of the threat. Since Level 4 merchants are not mandated to undergo compliance audits by qualified security assessors, the card brands assume that the merchants evaluate themselves, and this a hazardous security strategy, according to First Data's John Graham.