PCI Forensic Investigators (PFIs) have identified links between improperly installed POS applications and merchant payment data environment compromises. Specifically, small merchants continue to be targeted by hackers attempting to access cardholder data via security protocol gaps in remote-access services used by integrators and resellers to facilitate monitoring and software support.
Remote access solutions (e.g., LogMeIn, PCAnywhere, VNC, and Microsoft Remote Desktop) are commonly used to provide remote management and support for retailers. Used correctly, remote management applications are an efficient and cost-effective method of providing technical support to large numbers of merchants. However, if exploited, they have the potential to expose payment card data and other sensitive information to cybercriminals. Insecurely deployed remote access applications create a conduit for cybercriminals to log in and establish additional “back doors” by installing malware, oftentimes with the capability to record keystrokes, capture audio and video from the affected computer, and steal payment card track data. The risk of data compromise is increased when remote access applications are configured in a manner that does not comply with the PCI DSS.