With the continued proliferation of technology in the daily activities of our society, private user information is commonly input to computing devices, and communicated over networks by these computing devices. For example, merchants commonly install software provided by payment processing services on point-of-sale computing devices to perform transactions with customers using electronic payment instruments. While these types of technological advances greatly increase user satisfaction by allowing transactions with merchants using electronic payment instruments, and increase profits for merchants by receiving payments from users who do not commonly carry non-electronic payment means, there are often security issues with computing devices handling private user information. For example, untrustworthy merchants or hackers may attempt to obtain private user information as the information is communicated over networks, or locally at the computing devices. Various types of attacks are used to access the private user information, such as side-channel attacks, eavesdropping attacks, bait and switch attacks, etc. Generally, the types of attacks which attempt to improperly obtain private user information locally at a computing device involve a program running locally on the computing device.
Often, operating systems provide visibility to users as to what programs are currently running on the operating system (OS). When using these types of operating systems, potentially malicious programs can be easily identified, and actions can be taken to prevent sensitive information from being access by these malicious programs. However, some types or versions of operating systems do not provide visibility as to which programs are running on a device, or whether programs are running on the device, which prevents entities, such as payment processing services, from determining whether malicious programs are running on computing devices. Thus, entities who obtain sensitive information locally at a computing device for a lawful purpose may be vulnerable to attack by malicious programs running on these computing devices.
In the figures, the left-most digit(s) of a reference number identifies the figure in which the reference number first appears. The use of the same reference numbers in different figures indicates similar or identical items or features. Moreover, multiple instances of the same part are designated by a common prefix separated from the instance number by a dash. The drawings are not to scale.