But like every other system that handles transactions, people will look for ways to exploit it for personal gain. The power of greed can be shown through the efforts of those who intentionally manipulate these terminals, as some go to great lengths to trick people.
Have you ever heard of a skimmer? Skimmers are objects that are placed on top of POS terminal or ATM machine PIN pads. They are meant to look very similar to the original PIN pads, so as not to draw suspicion from any users.
As you can see from the above image, the card actually will slide through the skimmer and the user must push on the skimmer’s fake PIN pad in order to enter the PIN for their debit card or to confirm the transaction. The skimmer itself actually acts as a portable POS terminal as well, as it can “read” the card’s information when it is swiped and can keep track of the information entered into the fake PIN pad. Of course, that is a major security problem, as it allows some random person who put a skimmer on a terminal to have the PINS and the card information of every victim who unwittingly used the terminal with the skimmer on it. The wide use of skimmers were a factor in debit/credit card companies creating the EMV chip that has exploded in popularity over the past few years, as the chip is much more secure compared to the magnetic strip on the back of the card.
Skimmers are not the only thing that criminals use in order to steal information, however. As you may have guessed, the software that allows POS terminals to run are far from perfect. Major retailers, like Target, Home Depot, and Chipotle have had massive data breaches in the last few years due to security issues in their POS terminals. Tens of millions of people were affected. POS terminals are essentially personal computers that run one very simple software program. These terminals are connected to the server in a store as well, where a person’s card information is passed. If that data is not properly encrypted before being sent to the server or if it is intercepted before going through the encryption process, then it can easily be stolen. Someone could set up a physical connection between the POS terminal and the store server and “inject” code so that not only will the card information be sent to the store server, but also to the server of the perpetrator.
As stated before, POS terminals operate just like any other PC, therefore they are also vulnerable to any kinds of malware that could infect a normal computer. However, unlike a normal computer, POS terminal software is rarely updated and does not contain any anti-malware protection since only one simple program is being run on it. This means that if a POS system is ever connected to the Internet and malware is ever downloaded onto the POS terminal, it can run rampant. Malware was behind the attacks on Target and Home Depot a few years ago and is by far the most effective way for hackers to steal information from many people.
So, how can you protect yourself? Well, while some skimmers are very convincing, most are simply placed on top of the actual POS system. So, if you suspect that an ATM or POS terminal that you are about to use has a skimmer, then literally try to pull it off. It may literally come right off or it might become loose. Obviously, the other methods are a bit more difficult to protect yourself from, as they can be virtually impossible to discover beforehand. So, I suppose all you can do is pray that multinational corporations find the money to update their POS terminals so that they are no longer running on Windows XP and that they install an antivirus or two.