The background description provided herein is for the purpose of generally presenting the context of the disclosure. Unless otherwise indicated herein, the materials described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.
As e-commerce becomes more and more popular in people's lives, it becomes more and more imperative to secure transaction processes in order to prevent sensitive information, such as credit card numbers or identity information, from falling into the wrong hands. However, many financial transaction systems suffer from vulnerabilities that make such protection difficult.
One such vulnerability is the use of point-of-sale computing devices (“POSes”) along with peripherals for obtaining financial information. For example, many retail environments utilize credit card readers that are attached as peripherals (either through a wired or wireless connection) to POSes, such as computerized cash registers. In order to perform a retail transaction, a customer or a worker may scan a credit card of the customer in the credit card reader, which may send credit card information to the POS. The POS may, in turn, communicate with the customer's financial institution in order to process payment.
Unfortunately, systems such as these are vulnerable to attacks from within the POS. Many such POS store credit card or other identifying information in unencrypted form in internal storage or memory, or to perform keylogging to obtain information. If the POS were to contract malware, the malware may be able to read and transmit the sensitive credit card information to a malicious third party. Such attacks are not only possible, but actually documented in the real world, with millions of dollars stolen in the last few years. Existing systems have attempted to address this vulnerability, such as by requiring end-to-end encryption between peripherals and financial institutions, but such systems can require updates to peripheral hardware, which is impractically expensive to companies with many retail outlets. Other systems use hardened dongles to provide security without requiring updates to peripherals, but even these systems may be too expensive to implement on a large scale.