It's been said that currency is full of germs. It's easy to imagine that cash registers are filthy, too. Some of these germs are actually malware: it sits inside electronic cash registers, invisible to the eye, just as live germs are. Perhaps a thousand businesses have this infectious problem, says the U.S. Department of Homeland Security.
This is called point-of-sale (POS) malware. Businesses are required to comply with PCI-DSS (the Payment Card Industry Data Security Standard) or face consequences if there's a breach. It's been recommended that merchants use PCI-DSS version 3.0 to prevent these infections.
However, merchants are slow-moving about these things, and a change-over is far beyond the horizon. But as this transition occurs over the next several years, cyber thieves will be focusing more on small retailers.
Another issue is that merchants aren't usually the first to discover a data breach; the customer often is, when they see unauthorized charges on their card statements.
Card companies have no sympathy for retailers who use very outdated technology to respond to breaches. Card companies will sock retailers with fines and will not pay for the cost of investigations.
Some retailers have actually sued POS system suppliers, but almost always, the cases get settled, not because these suppliers are guilty of wrongdoing, but because they don't want the negative attention.
Because retailers, collectively, aren't up to the task of keeping up with the technology, which is what the payment card industry urges them to do, the hackers will continue to hang around like flocks of pigeons waiting for the next crumb to be tossed out.
Many say the bleeding will stop sometime in 2016 once "Chip and PIN" cards are fully deployed. Those are the cards with the chip on the face that looks like a SIM card. But this may not solve all the problems either. We still need to get rid of the magnetic stripe on all cards. And PCI-DSS 3.0 is effective January 1. But it may be daunting to merchants who just want to focus on selling their goods.
Meanwhile, go to your bank or card company's website and sign up for text or email alerts so you are in tune with every charge that is made.