Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Symantec Security Insights Blog

Backoff Trojan Is Back: Protect Your Business From The Next POS Breach

The Point of Sale malware, trojan.backoff has been reported to have affected more businesses than was originally determined by the Department of Homeland Security. Find out the best way to protect your business, and your customers.
Created: 22 Aug 2014 • Updated: 25 Aug 2014 • 1 comment
Solange Deschatres's picture
+7 7 Votes
Login to vote

The New York Times has reported that the Department of Homeland Security has expanded its estimate of businesses affected by the Trojan.backoff Point of Sale malware. Over 1000 total businesses in the U.S. are reported to have been affected, up from around 600, which was reported earlier this month. Dubbed “Backoff”, this Trojan malware steals customer payment details through remote access applications.

This kind of activity appears to be growing. Identity theft, according to the Bureau of Justice Statistics, affected 16.6 million people in 2012. Hackers sell credit card data in underground markets. Credit card data is used to produce fake credit cards, or make online purchases.


How Can Retailers Protect Customers?

According to Symantec security expert, Kevin Haley, a properly configured endpoint protection product can block even the most dogged attacker, especially when it comes to a POS system. As a device with limited functionality, a POS is easier to secure than a PC with email and web-browsing capabilities.


Multi-Layered Protection


Symantec Endpoint Protection 12.1 includes System Lockdown, Application Control, Device Control and Firewall capabilities, providing multiple layers of protection to maximize security.  These tools allow you to minimize the attack surface by limiting the specific applications running on the system, as well as regulate which devices and applications are allowed to access the network.  Limiting applications and network accessibility on the machines can render malware useless.

Existing SEP customers can optimize their POS protection by following our guide, available here.

For more important links to help safeguard your business, please visit:

Upgrading to SEP 12

How To Secure your Mobile POS Devices

Secure Your Point Of Sale System


How Can Customers Protect Their Information?

Most customers no longer carry cash everywhere they go, so it is important that they are equipped with the information to help them to keep their finances safe.

Here are a few key tips for consumers:

  1. Sign up for online access to credit card accounts via the credit card company’s website, or download the app.
  2. Track online transactions and regularly verify purchases.
  3. Report any suspicious transactions to a credit card company immediately. In most cases, fraudulent charges can be reversed, and the account frozen to prevent any further theft.

Comments 1 CommentJump to latest comment