Card present breaches involving POS compromises or gas-pump skimmers continue to decline. Attacks against e-commerce payment applications are satisfying the financial motives of the threat actors targeting this industry.
234 incidents, 139 with confirmed data disclosure
Top 3 patterns
Web Applications, Privilege Misuse, and Miscellaneous Errors
represent 81% of breaches
External (81%), Internal (19%) (breaches)
Financial (97%), Fun (2%), Espionage (2%) (breaches)
Payment (64%), Credentials (20%), Personal (16%) (breaches)
Not such a POS anymore
Let’s jump in our DBIR time machine and travel all the way back to four years ago. It was the second year that we featured the incident classification patterns and the top pattern for Retail was POS Intrusion, along with remote compromise of point of sale environments, with all of the malware and payment card exfiltration that comes with it. Coming back to the present year’s data set in Figure 63, the times they are a-changing.