Journal: Journal of Digital Forensics, Security and Law
Print ISSN: 1558-7215
Electronic ISSN: 1558-7223
Publication year: 2020
Volume: 15
Issue: 2
Pages: 4-20
DOI: 10.15394/jdfsl.2020.1614
Publisher: Association of Digital Forensics, Security and Law
Abstract: According to the Verizon 2018 Data Breach Investigations Report, 321 POS terminals (user devices) were involved in about 14% of the 2,216 data breaches in 2017 (Verizon, 2018). These data breaches involved standalone POS terminals as well as associated controller systems. This paper examines a standalone Point-of-Sale (POS) system which is ubiquitous in smaller retail stores and restaurants. An attempt to extract unencrypted data and identify possible violations of the Payment Card Industry Data Security Standard (PCI DSS) requirement to protect stored cardholder data was made. Persistent storage (flash memory chips) were removed from the devices and their contents were successfully acquired. Information about the device and the code running on it was successfully extracted, although no PCI DSS data storage violations were identified. The confirmation that the POS systems examined keep our payment card information encrypted is welcome news as payment cards are still very much in use in our daily activities.
Keywords: POS device; PCI DSS; compliance; data extraction; chip-off