Forget keyloggers and packet sniffers. In the wake of industry rules
requiring credit card data to be encrypted, malware that siphons clear-text
information from computer memory is all the rage among scammers, security
researchers say.
So-called RAM scrapers scour the random access memory of POS, or
point-of-sale, terminals, where PINs and other credit card data must be stored
in the clear so it can be processed. When valuable information passes through,
it is uploaded to servers controlled by credit card thieves.
While RAM scrapers have been around for a few years, they are a "fairly new"
threat, according to a report released Wednesday that outlines the 15 most
common attacks encountered by security experts at Verizon Business. They come in
the wake of Payment Card Industry rules that require credit card data to be
encrypted as it passes from merchants to the processing houses.