The transition to EMV software is supposed to make retailers and users safer, and there are still threats out there that could affect older terminals. FireEye threat researcher Nart Villeneuve recently identified a potentially dangerous strain of malware called TreasureHunt, which targets POS systems in particular. The source notes that the lagging amount of retailers that haven't converted to EMV yet are still at risk.
Villeneuve explained that the malicious program works by sending card information to a "command and control server" after obtaining it from POS sources. Users can access the compromised systems remotely and plunder them for valuable card data, which is perhaps part of the pirate theme of the malware (the developer goes by the handle "Jolly Roger").
In his conclusion, Villeneuve noted that older POS users are still in danger.
"While some cybercriminals are looking ahead in an effort to develop ways to exploit chip and PIN (as well as near-field communication technologies), many cyber criminals are looking take advantage of memory scraping POS malware while it still works," Villeneuve said. He added that attackers will "turn their attention to smaller retailers and banks that may not be as prepared for the transition."
Whether or not they have made the transition yet, retail companies have to assess whether or not they are still at risk of possible malware like this. Ian Murphy of Retail Dive said that this might serve as a "wake-up call" for those businesses that still haven't implemented EMV, especially with the possible threat of fines from related incidents.
Security is a strong factor to consider when shopping for credit processing software, and businesses should invest in a solution that will increase their safety at the POS without costing too much.