pcamerica contact sitemap pcamerica pcamerica blog home
point of sale system



Meet Punkey: the Newest Threat to POS Security

Although it’s name—Punkey—conjures up images of cuddly pet rabbits, this new threat to POS security is anything but cute. Punkey has been called “a new malicious program” by PC World because it casts a very wide net. This RAM scraping program is capable of infiltrating both 32-bit and 64-bit Windows-based POS terminals. Not only is Punkey able to steal credit card data while the payment is being processed, it also installs a key logger to capture data that employees type into the system.

RAM Scraping? What is it?             

RAM Scraping is not something your dentist does (although it does sound equally painful). You also don’t keep a RAM scraper in your car in case of ice or snow. RAM actually stands for Random Access Memory and it’s where your customer’s credit card data is stored—unencrypted—for mere milliseconds in your POS terminal’s memory while the payment is verified. It is in these tiny fractions of a second when the memory is vulnerable to being scraped and numbers can be stolen. This technology is actually several years old but it’s back on the scene as of the more effective tools that can be used to compromise POS security.

Keylogger delivers a double whammy

According to PC World, card numbers and info keyed in (three digit security codes or expiration dates, for example) are captured by the keylogger and immediately encrypted before being sent back to a server. This presents a problem for merchants who think typing in the three-digit-codes on the backs of credit cards will give them another layer of POS security. Punkey whisks it all away before anyone catches on.

It’s Smart

Punkey is ready for battle. Not only can this malware compromise your POS security, steal numbers and other information, it can also update itself and download and run other tools that can harm your POS terminal and compromise your operations. The keylogger could mean privacy breaches at even higher levels—if home addresses or phone numbers are entered into the system as well as payment information.

There are ways for you to safeguard your POS security so your system stays malware-free and your customers’ payment cards are protected. For more information about which hardware and technology is the most effective, please call your pcAmerica