As carding, in general, has been ramping up, Binary Defense recommends that retail organizations use a defense-in-depth strategy to protect POS terminal devices. Threat actors typically breach security through phishing and malware on employee workstations, then move laterally using stolen administrator credentials to execute scripts remotely on POS computer systems, injecting instructions into the processes that handle card data to steal account numbers from system memory. All POS systems should be upgraded to process EMV chip cards and use point-to-point encryption. Consumers should be aware of ways to protect credit card purchases, such as using a virtual credit card for all online purchases. Similar to a preloaded gift card, a virtual credit card is a service offered by many banks and credit card companies that allows cardholders to generate a unique temporary card with a set limit on spending (typically a little more than the total purchase). This way, if the card is stolen, it cannot be used for any other transactions.

Source: https://www.justice.gov/opa/pr/malware-author-pleads-guilty-role-transnational-cybercrime-organization-responsible-more-568