Retailers: How Vulnerable am I to RAM Scraping

A Scripted Freelance Writer Writing Sample

You may have heard about Target's data breach that compromised the information of millions of customers, but have you heard about the culprit for the breaches? Learn more about RAM scraping here. The recent data breach at Target and Neiman Marcus is the worst data loss of its kind in retail history. Target alone may have lost data of over 110 million customers, which has not only affected its revenues, but impaired its relationship with customers. The culprit for the breaches: RAM scraping. This leads to an obvious question for retailers afraid of suffering a similar disaster: what is RAM scraping and how vulnerable am I? This guide will answer these questions, and more.

What is RAM Scraping?

Before we proceed, let's try to wrap our heads around the idea of RAM scraping. RAM -- for those who don't speak geek -- stands for 'Random Access Memory'. It is a type of computer storage that can store small amounts of information for short periods of time. Since RAM stores data 'randomly' (i.e. without any specific order), it is significantly faster than other forms of data storage. Every computing device has RAM. Due to its speed, RAM is typically used to store files temporarily before they can be processed by the computer. For example, when you run iTunes on your laptop, the computer first transfers the files from the hard-disk to the RAM where they are made accessible to the processor. Hacking and stealing files from RAM is called RAM scraping.

How RAM Scraping Works

Computers that store your financial data are usually encrypted. Credit card processors are similarly encrypted as well. The RAM which stores financial data before it can be transferred from credit card processors to computers, however, is insecure. This is because the computer needs to decrypt the data in the RAM before it can be processed. And this is exactly when RAM scrapers strike, searching the memory for 16-digit number combinations and storing it in a separate file.

How Vulnerable Are You to RAM Scraping?

It may have made all the headlines recently, but RAM scraping has actually been around at least since 2009. Sophos, which makes security software, warned about the phenomenon as early as December 2009. RAM scrapers didn't make an appearance in the wild until late 2011, when Sophos detected it in a number of hotel and university POS systems. The malware in question was classified under the Trackr family name - the same malware family that affected the Target POS systems. Since its appearance in 2011, this malware family has made constant appearance, particularly in the POS systems of hotels, retail stores, food services and healthcare services. A majority of incidents, 56 percent, happen in the US. This is followed by Germany, at 16 percent, Canada, with 9 percent, and the United Kingdom, at 8 percent.

How Can I Protect Myself Against RAM Scraping?

Unfortunately, the very nature of RAM scraping malware makes it very difficult to protect against. All data that goes into the RAM must be decrypted before it can be processed. Any malware that resides in the RAM, thus, gets complete access to your decrypted data. The only foreseeable way to stay safe from RAM scrapers - for now at least - is to erect watertight defenses around all points of infiltration. This means every possible infiltration point in the entire IT infrastructure chain must be kept secure - including servers, computers, and point-of-sale systems. Protecting servers and computers is easy since these are usually closely monitored. POS systems, however, are much more vulnerable. The Target malware, in fact, reached the data through the POS. The best way to protect your POS systems (and associated computers, servers, etc.) is through robust preventive measures. Some of the tactics you can adopt are: - Monitoring disk activity for any suspicious file creation - Using a robust firewall and antivirus - Maintaining detailed logs of all user activity to pinpoint anomalies - If possible, deny admin level credentials to your POS system The truth is that RAM scraping is a new breed of malware. Most retailers are not equipped to deal with it, especially if the attack comes from within. Employing robust preventive measures is the best solution. Photo Credit: Damian Gadal via Flickr.

Subscribe for the latest in Content Marketing & Freelance Writing!


Customer Ratings 0
$14.2K Earned
45 Customer Favorites
99% Job Acceptance
100% Followed Guidelines
100% Customer Happiness
Power your marketing with great writing. – Start your 30-day free trial today! Start Free Trial

While you're here, have you tried Scripted lately?

Used to be a member, but moved on? Heard of it, but never signed up? The current iteration of Scripted will amaze you! Streamline your content writing efforts and build your own team of high-quality writers. It's all you need for content writing. Try it free today and meet your next favorite writer or writers!

Scripted’s talented community of freelance writers have a variety of expertise and specialties. While many of our customers hire writers to execute their content marketing strategy, our writers deliver high-quality content in many formats. You can find content writers, blog writers, ghostwriters, and SEO writers all with experience in your niche.

Other content marketing examples from Puranjay S

The Electric Growth of the Electric Car Industry

**Tesla's emergence in the electric car industry has changed the landscape. What can we expec... Read More

Types of VoIP Systems

**Voiceover Internet Protocol (VoIP) allows you to make calls only using the internet, allowing y... Read More

Guide: What's the Best CRM for Your Sales Team

**Small businesses have very particular customer relations management (CRM) needs.** Most small ... Read More

Which Auto Manufactures Get the Fewest Recalls?

**Car recalls have become increasingly prevalent in the automotive industry. Why do these cars ge... Read More

4 Bleeding Edge Features You'll Want in Your Next Car

**The technology we have on hand has been increasing at an exponential rate. What new features co... Read More

5 Statistics to Motivate You to Make Sales Calls

**There are a myriad of ways to engage a customer in an attempt to make a sale, but the sales cal... Read More

How To Tell if Financial Advice is Bogus

**There are several financial schemes out there to entice those in vulnerable situations. Here&#3... Read More

The Need for Coding Curricula

**As tech takes over, not being able to code compares to not speaking the native language of a co... Read More