How do Credit cards data end up for sale on Internet forums?
Symantec has published a paper on how POS attacks are carried out and how to protect against them. POS malware exploits a gap in the security of how card data is handled. While card data is encrypted as it’s sent for payment authorization, it’s not encrypted while the payment is actually being processed, i.e. the moment when you swipe the card at the POS to pay for your goods.
Download Symantec’s ‘Attacks on Point of Sales Systems’ whitepaper for details on how POS attacks are carried out, and how to protect against them here - http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/attacks_on_point_of_sale_systems.pdf