I recently listened to a presentation by a security group that performs forensics work when a merchant experiences a credit card data breach. Here are the breach trends they've seen during 2008:
Methods of entry - largely unchanged
- Insecure remote access software
- SQL injection
Breaching credit card data - evolved strategies
- Capturing credit card data in transit over the network between devices
- Via program modification after a vulnerable application was breached
- Via collection of Random Access Memory (RAM) contents
Techniques used - most apply to software POS
- Key-logging
- Network sniffers
- Serial port sniffers
Case study
In one case study they shared, the criminal was able to penetrate the network via remote access software. They then installed a debugging tool to collect RAM contents and malware to parse track data. The malware then uploaded the data to a Russian website. The merchant was using a PABP-compliant POS application that was not storing prohibited cardholder data.