Learn More about POS Malware Analysis
Before considering POS malware analysis, we need to understand the payment process and how transactions are settled and authorized. At Comodo, we believe that POS security is necessary, and work hard to ensure that you understand the implications of such a system.
Who Is Involved
There are seven parties involved in the transaction process, including:
- Customers. These people are cardholders purchasing the goods using a credit card.
- Merchants: These are the people who sell the products/services and accept credit card payments.
- Acquirer: This is the bank that settles/processes the cc transaction.
- Issuer: The issuer is the bank/financial institution that issued the card to the customer.
- Card Brand: These can include MasterCard, American Express, Visa, and others
- PSP: The Payment Service Provider is a third-party company that handles the transaction, and not all businesses use them.
- Payment Switch: An in-house or third-party provider that offers routing services between the merchant and more than one PSP (not always necessary)
First, the card has to be authorized, which happens when the customer goes to purchase goods and swipes the card. The acquirer sends the request to the brand network, who sends it to an issuer. They will return the codes to the acquirer, who forward the info back to the PSPs and merchants. Once authorized, the merchant can give the customer their goods/services.
The full day’s sales are stored in a batch and at the end of the day, the batch is sent to acquirers to receive payment. They will also clear the batch, and the merchant gets paid by the acquirer.
POS malware analysis means finding the POS malware before it can attack at any time mentioned above. Because information is sent to so many places and then stored on the merchant’s server, there are many places where an attacker could squeeze in and cause problems. Contact us today to learn more about how we can help.