According to research from iSight Partners, the malware, dubbed ModPOS, is largely undetectable by current antivirus scans. The revelation comes as the retail industry is reeling from a wave of breaches uncovered since Target was hit during the 2013 holiday season.
Information sharing has been significant for retailers fending off cyberthreats, but so have efforts to limit the amount of consumer information that retailers systems can see.
One way that the companies try to limit their exposure is using more advanced forms of encryption to protect consumer data. With one method, known as point-to-point encryption, a consumers payment card data is unlocked only after it reaches the payment processor, he said.
A survey of NRFs members found that 41% had such a system in place by the end of September, he said, and the group expects that figure to rise to 85% by the end of 2015.
Security experts warn that without such protections, even new credit cards with a chip technology known as EMV could still be compromised by infected point-of-sale systems.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now