A POS Intrusion is an attack that happens at the Point-of-Sale device. The POS device in retail stores process credit card transactions at check out. Newer devices allow you to Tap or Insert your credit card to charge you for your mechandise. Older POS terminals still require you to swipe your magnetic strip,to complete the sale. Most PoS devices run a variant of Windows and Unix. Malware can run on either of these operating systems allowing hackers to steal your credit card information.
Modern POS devices (tap and insert) encrypt the data received from the chip on your credit card before sending it out of the POS device itself to a Merchant underwriting vendor who validates the card is good and sends back a yes (approved) or no (declined) message to the retail store’s Point of sale software which records the transaction and prints a receipt.
Older POS devices read from the magnetic strip on the back of the card, do not encrypt the information collected, and send it for approval or denial. These POS devices are much easier to steal from than the more modern Tap and Insert devices.
Apple Pay and Google Pay go one step further by providing a dummy credit card number to the POS device which is sent to a merchant underwriter for clearing. That merchant has the original credit card number onfile for processing and tables to match the fake or dummy card number to the individual making the purchase in question. This convoluted approach to credit card transactions is the most secure method in use today because it protects the actual original card number of the card owner from ever being witnessed in a credit card transaction local to the retail store thus preventing the ability for hackers to steal the credit card number.
Additional Reading: A First Look at the Target Intrusion, Malware
Why Google Pay and Apple Pay are More Secure than traditional Credit Cards
Related Terms: Malware, Encryption