As UK companies more and more transfer towards cashless payments, cybercriminals are concentrating on point-of-sale (POS) systems. In the primary half of 2025 alone, £600 million was stolen via payment-related fraud, a 3 per cent enhance on the identical interval in 2024.
Managing Director at myPOS.
How POS malware works
POS malware is software program particularly designed to steal customer cost data. In many circumstances, the stolen knowledge is bought to different dangerous actors, who can exploit it in numerous methods. Attackers accomplish that utilizing quite a lot of strategies:
Article continues under
- Exploiting vulnerabilities – POS methods run on widespread working methods like Windows, Linux, or Android variants. Weaknesses can emerge from outdated software program, unpatched third-party elements, or poorly secured networks. Attackers could scan for unsecured IP addresses or compromise Wi-Fi connectors to remotely plant malware, steal knowledge, or disrupt operations.
- Physical set up – contaminated USBs or different media can introduce malware, permitting attackers to watch, seize, and transmit delicate knowledge.
- Brute pressure assaults – automated packages cycle via 1000’s of username and password mixtures to interrupt into methods.
- Compromised credentials – stolen login particulars from earlier breaches, together with these of third-party distributors, permit attackers to impersonate professional customers and transfer laterally inside methods undetected.
- Insider threats – workers may be bribed or misuse their entry to tamper with gadgets or set up malware, permitting silent knowledge theft. Once in a POS system, malware collects delicate knowledge and infrequently transfers it to distant servers, leaving companies susceptible to monetary loss and reputational harm.
Types of POS malware
Not all POS malware works the identical approach, every variation operates with its personal tactic and goal, making every one efficient in several conditions.
- RAM scrapers – seize unencrypted cost knowledge in reminiscence throughout processing.
- Network sniffers – intercept and log network site visitors to acquire delicate data, making it a well-liked purpose for concern for these counting on networked transactions.
- Keyloggers – document keystrokes on POS terminals or linked gadgets to retailer login credentials and card data.
- File injectors – embeds dangerous code straight into real POS system recordsdata. Once compromised, these modified recordsdata act as a gateway for knowledge theft or different malicious actions.
- Backdoor – creates a hidden entry level, giving long-term, undetected entry to the system.
Reducing threat: Best practices for UK companies
Preventing POS malware requires a holistic method that mixes expertise, course of, and folks. Key methods for companies embody:
- Secure POS community and gadgets Insecure networks are a standard vulnerability that invitations POS malware assaults. To guarantee safety, prioritize utilizing encrypted connections, which can assist safe knowledge in transit. Businesses can depend on safe communication protocols like TLS for this objective. Always implement software program updates and usually patch for vulnerabilities in POS software program and gadgets.
- Access controls Implementing strict consumer entry insurance policies ensures that solely licensed personnel can entry delicate methods. Multi-factor authentication, distinctive passwords, and role-based entry add an additional layer of safety for distant entry and scale back the chance of insider threats and credential compromise.
- Physical POS safety To reduce dangers, block entry and make it accessible solely to licensed personnel. Ensure constant monitoring of bodily gadgets and conduct common inspections for tampering or unauthorized modifications. Don’t neglect the significance of securing peripheral gadgets, like barcode scanners, receipt printers, and different equipment.
- Advanced anti-malware options Deploy dependable anti-malware instruments and intrusion detection methods (IDS) to determine suspicious exercise. Keep software program and signature databases up to date to detect rising threats.
- Encrypt delicate knowledge Protect cost data with PCI-validated point-to-encryption. This additionally helps companies adjust to Payment Card Industry Data Security Standards (PCI DSS.
- Strengthen vendor and third-party safety Check whether or not third-party companions observe strict safety practices and select correctly earlier than partnering. Most importantly, when beginning a partnership with a brand new vendor, talk about their safety obligations and embody them in your contracts. This will preserve everybody on the identical web page and can set clear safety expectations.
The enterprise crucial
For UK SMEs, the results of POS malware assaults lengthen past simply monetary loss. Breaches can harm buyer belief, incur regulatory penalties, and disrupt day by day operations.
Proactively implementing security measures isn’t just a technical necessity however a strategic enterprise choice that safeguards each income and popularity.
In a fast-moving funds panorama, companies that prioritize POS safety, combine workers coaching, and undertake a proactive, layered safety technique are higher positioned to cut back threat and preserve buyer confidence.
The purpose will not be merely compliance, however resilience: guaranteeing that digital cost methods function securely, reliably, and with out interruption.
We’ve found the best POS system for food trucks.
This article was produced as a part of TechSwitchPro’s Expert Insights channel the place we characteristic the very best and brightest minds within the expertise trade immediately. The views expressed listed here are these of the writer and are usually not essentially these of TechSwitchPro or Future plc. If you have an interest in contributing discover out extra right here: https://www.techradar.com/news/submit-your-story-to-techradar-pro