A FORENSIC FIRST LOOK AT A POS DEVICE: SEARCHING FOR PCI DSS DATA STORAGE VIOLATIONS

Abstract

According to the Verizon 2018 Data Breach Investigations Report, 321 POS terminals (user devices) were involved in data breaches in 2017. These data breaches involved standalone POS terminals as well as associated controller systems. This paper examines a standalone Point-of-Sale (POS) system commonly used in smaller retail stores and restaurants to extract unencrypted data and identify possible violations of the Payment Card Industry Data Security Standard (PCI DSS) requirement to protect stored cardholder data. Persistent storage (flash memory chips) were removed from the devices and their contents were successfully acquired. Information about the device and the code running on it was successfully extracted, although no PCI DSS data storage violations were identified.