RAM Scraping Attack

DEFINITION of 'RAM Scraping Attack'

A type of electronic fraud in which malware is installed at a point-of-sale terminal, and allows debit or credit card information to be illicitly collected. A RAM scraping attack focuses on the terminal’s memory, called random access memory (RAM), during the brief period of time when the terminal communicates transaction data to the back-end system.

BREAKING DOWN 'RAM Scraping Attack'

In the last few decades, credit cards and debit cards have become the preferred method of payment for a large proportion of consumers. Businesses provide card terminals at the point-of-sale to allow consumers to swipe their cards, with the terminals using a variety of encryption methods to protect the numbers from being stolen.

RAM scraping attacks are designed to take advantage of an electronic card terminal’s random access memory, which stores the credit or debit card information for a brief period of time while a transaction is taking place. This memory is used to tie together the card, the terminal, and the computer servers. When the card information is stored in the terminal’s RAM it is unencrypted, and thus exposed to software that can copy the information.

RAM scraping software can be introduced into a computer system in a variety of ways, and is often designed to not appear to be threatening. Scraping software may be specifically installed in systems that lack up-to-date security system patches, but can also be introduced into the system by employees that open files or attachments without understanding who has sent them or what they are designed to do.

In the United States, credit and debit cards use a magnetic strip that lets a terminal identify the account to charge. Relying solely on the magnetic strip is a less secure method than requiring the use of a PIN and chip, which is a security feature of many credit and debit cards outside of the United States. Having a PIN makes it more difficult for stolen credit cards to be used.