RAM scraper

A RAM scraper, also known as memory-scraping malware, is malware that scans the memory of digital devices, notably point-of-sale (POS) systems, to collect sensitive personal information, such as credit card numbers and personal identification numbers (PINs), for the purpose of exploitation.






The first RAM scraper attack

The first known RAM scraping attack was reported in an alert issued by the credit card company Visa Inc. in October 2008. The company's security team discovered that point-of-sale (POS) terminals used to process customer transactions using its cards had been accessed by hackers. The hackers had been able to obtain unencrypted customer information from the RAM in the terminals.
The targets of the earliest attacks were mostly in the hospitality and retail industries, which process high volumes of credit card transactions at a large number of locations. By 2011, investigators were tracking an uptick in the introduction of malware bugs.



Infection method

How does it work?

All plastic credit cards contain two types of information:

1) The first set is embedded in the magnetic stripe and is invisible to the human eye. That stripe contains two tracks of information. The first track contains an alphanumeric sequence based on a standard developed by the International Air Transport Association (IATA). This sequence contains the account number, cardholder’s name, expiration date, and more in a sequence recognizable by any POS machine. The second track uses a shorter but analogous sequence developed by the American Bankers Association (ABA). There is a third track, but it is little used.

2) The second piece of information is visible. It's the three- or four-digit code known as the card verification number (CVN) or card security code (CSC). This number adds an extra layer of security if it is not included in the electronic data contained in the magnetic stripe.

The POS terminal collects all of the data in that first set, and sometimes the second code as well. The data is then held in the memory of that POS machine until it is periodically purged.
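Because the track layout is fixed, a retailer can recognize it and strip it from anything the POS software writes out (logs, crash reports) before it is stored. The following is an added example, not code from the original article: the function names are hypothetical, the sentinels and separators (`%B`, `^`, `;`, `=`, `?`) come from the ISO/IEC 7813 track layout rather than from this page, and the sample lines are constructed around the public test number 4111111111111111.

```python
import re

# Track 1 (IATA): %B<PAN>^<NAME>^<YYMM><service code + discretionary data>?
TRACK1 = re.compile(r"%B(\d{12,19})\^([^^?]{2,26})\^(\d{4})[^?]*\?")
# Track 2 (ABA):  ;<PAN>=<YYMM><service code + discretionary data>?
TRACK2 = re.compile(r";(\d{12,19})=(\d{4})\d*\?")

def luhn_ok(pan: str) -> bool:
    """Luhn checksum; filters out digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask_pan(pan: str) -> str:
    """Keep the first six and last four digits, a common truncation format."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def redact(text: str) -> tuple[str, int]:
    """Replace magnetic-stripe track data in text with a masked marker.
    Returns the cleaned text and the number of tracks redacted."""
    hits = 0

    def make_repl(kind: str):
        def repl(m: re.Match) -> str:
            nonlocal hits
            pan = m.group(1)
            if not luhn_ok(pan):
                return m.group(0)           # not a plausible card number; leave as is
            hits += 1
            return f"[{kind} REDACTED pan={mask_pan(pan)}]"
        return repl

    text = TRACK1.sub(make_repl("TRACK1"), text)
    text = TRACK2.sub(make_repl("TRACK2"), text)
    return text, hits

# Constructed sample log lines (not real card data).
SAMPLE = (
    "10:02:11 swipe raw=%B4111111111111111^DOE/JOHN^25121010000000000000?\n"
    "10:02:11 swipe raw=;4111111111111111=25121010000000000?\n"
    "10:02:12 order ref ;1234567890123456=9999? is not a card\n"
)
```

Calling `redact(SAMPLE)` masks the first two lines and leaves the third untouched, because its digit run fails the Luhn check.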


Newer ways to steal credit cards data


Screen grabbers and keystroke loggers are newer ways to steal credit card data. If the user suspects that a keylogger is installed on his computer, then a number of tricks will help protect against the pest. For example, boot the operating system from a CD or USB drive, and use the virtual on-screen keyboard.


Avoiding RAM Scraping


Thwarting RAM scraping is mostly the job of the retailer, not the consumer. Luckily, a good deal of progress has been made since the infamous attacks on Home Depot and Target.

Your credit card issuers have by now almost certainly sent you a new card that is inserted into a retailer's card reader rather than swiped along the side of it. The reader uses the chip embedded in the card rather than the older magnetic stripe. The purpose of this technology is to make a POS attack more difficult.

Contactless payment by credit card is considered as safe as "dipping" a card. It is not yet universally accepted by retailers (or enabled by card issuers) but is increasingly an option.

It took a long while for this switch to be fully put in place nationwide because it required every retailer who used the new system to buy new equipment in order to enable it. If you run across a retailer who still uses the old swipe readers, you might consider paying cash instead.



Alika Tsulygina
