While you were asleep in Dubai, somebody bought a pair of shoes at a retail shop in Italy – with your credit card.
Sound familiar? Have you been woken at night by SMS alerts for card transactions you never made?
Recently, sophisticated criminal groups have compromised the networks of well-known retailers, including Target Corporation, and exploited their point-of-sale systems to steal sensitive financial data. A key weapon in these groups' arsenal is custom malware written specifically for point-of-sale (POS) systems, such as ChewBacca, Backoff and BlackPOS (also reported under the name Kaptoxa).
POS malware is malicious software written expressly to steal customer payment-card data from POS systems at retail checkouts. Criminals use it to harvest card data in bulk for resale rather than for their own purchases.
For example, clothing retailer Eddie Bauer LLC was compromised by POS malware at more than 350 outlets in the US and Canada. The malware was active for about six months, from January 2 until July 17, 2016.
Eddie Bauer’s CEO Mike Egeck described the security breach as “part of a sophisticated attack directed at multiple restaurants, hotels, and retailers.”
That comment was most likely an indirect reference to the then-recent POS malware incidents at fast-food chain Wendy's, HEI Hotels & Resorts, and software giant Oracle Corp. (its MICROS point-of-sale division).
POS systems are now found in every corner of the world, and too often they are connected to the retail store's core network without the right security controls. Employee email, web browsing and other routine IT activity run over the same network; without robust segmentation and security practices, any compromised workstation on it becomes a path to the POS terminals.
Default logins, single-factor authentication, and services or systems exposed to the public internet are among the common weaknesses attackers target to gain control of POS systems and steal card data.
The perpetrator first establishes a foothold and then introduces malware that steals payment-card data from the POS terminal by reading it out of the terminal's memory, where it sits briefly after a card swipe. Another route is to capture valid credentials for the POS controller or back-office systems with a keylogger.
Attackers go after transaction data in memory because it is the easiest to reach: the POS application must hold the card data unencrypted, even if only for a moment, while it processes the swipe, whereas data at rest and in transit is normally encrypted. POS RAM scrapers read that cleartext from process memory during that brief window. The harvested data is sent to the attackers' remote servers and later sold on underground sites. As attacks become more sophisticated and larger in scope, the focus also extends to data at rest and in transit.
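The following is an added example, not code from the original article: it shows what a RAM scraper actually hunts for (magnetic-stripe Track 1 and Track 2 records in process memory, filtered with a Luhn check to drop random digit runs) and why a card reader that encrypts track data before it reaches the POS application leaves the scraper nothing to find. The memory snapshots, the PANs (standard test numbers) and the XOR stand-in for point-to-point encryption are all constructed for this example.

```python
"""Added example: the pattern a POS RAM scraper looks for, and why encrypting
track data at the reader (P2PE) defeats it. All buffers are constructed for this
example; the PANs are the usual test numbers, not real cards."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Track 2 as encoded on the stripe: ;PAN=YYMM<service code><discretionary>?
TRACK2_RE = re.compile(rb";(\d{13,19})=(\d{2})(\d{2})\d*\?")
# Track 1: %B<PAN>^<SURNAME/FIRST>^YYMM<service code><discretionary>?
TRACK1_RE = re.compile(rb"%B(\d{13,19})\^([^\^]{2,26})\^(\d{2})(\d{2})[^?]*\?")


def luhn_ok(pan: str) -> bool:
    """Luhn check used to discard false positives (random digit runs)."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


@dataclass
class TrackHit:
    track: int
    pan: str
    expiry: str  # YYMM
    offset: int


def scan_buffer(buf: bytes) -> list[TrackHit]:
    """Scan a memory buffer for track records whose PAN passes the Luhn check."""
    hits: list[TrackHit] = []
    for m in TRACK2_RE.finditer(buf):
        pan = m.group(1).decode()
        if luhn_ok(pan):
            hits.append(TrackHit(2, pan, (m.group(2) + m.group(3)).decode(), m.start()))
    for m in TRACK1_RE.finditer(buf):
        pan = m.group(1).decode()
        if luhn_ok(pan):
            hits.append(TrackHit(1, pan, (m.group(3) + m.group(4)).decode(), m.start()))
    return sorted(hits, key=lambda h: h.offset)


def mask_pan(pan: str) -> str:
    """Mask a PAN the way a receipt does (first 6 and last 4 digits visible)."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def simulate_p2pe(record: bytes, key: int = 0xA5) -> bytes:
    """Stand-in for a P2PE reader: the track never reaches the POS application in
    clear. A fixed single-byte XOR is used here only so the output is deterministic;
    real P2PE uses a proper cipher with per-device keys (DUKPT key management)."""
    return bytes(b ^ key for b in record)


TRACK2_RECORD = b";4111111111111111=25121010000000000000?"
TRACK1_RECORD = b"%B5555555555554444^DOE/JOHN^2512101000000000000000?"
DECOY_RECORD = b";4111111111111112=2512101?"  # looks like track 2 but fails Luhn

# Constructed snapshot of a POS process heap right after a swipe (cleartext).
CLEARTEXT_DUMP = (
    b"\x00" * 16 + b"POSAPP.EXE txn 0001 " + TRACK2_RECORD + b"\x00" * 8
    + TRACK1_RECORD + b"\x00" * 8 + DECOY_RECORD + b"receipt printed\n"
)
# The same snapshot when the reader encrypts track data before handing it over.
P2PE_DUMP = (
    b"\x00" * 16 + b"POSAPP.EXE txn 0001 " + simulate_p2pe(TRACK2_RECORD) + b"\x00" * 8
    + simulate_p2pe(TRACK1_RECORD) + b"\x00" * 8 + b"receipt printed\n"
)

if __name__ == "__main__":
    for h in scan_buffer(CLEARTEXT_DUMP):
        print(f"cleartext: track {h.track} PAN {mask_pan(h.pan)} exp {h.expiry} @ offset {h.offset}")
    print("hits in P2PE buffer:", len(scan_buffer(P2PE_DUMP)))
```

The same pattern matching is what memory-scanning defences use to find exposed card data on a terminal; the difference between attacker and defender here is only who runs it. The decoy record shows why scrapers bother with the Luhn check: without it, every plausible-looking digit run would be exfiltrated.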
In short, the whole process looks like this: the perpetrator gets malware onto the retail business network, where it can manipulate the POS terminals and the card data they handle. The malware can be controlled from anywhere in the world, which makes it hard to trace the operators.
Once the criminals have the card data, they sell it on dark web markets or dedicated carding forums, where buyers get it for a nominal price. Buyers use it for online fraud or encode it onto counterfeit or prepaid cards for in-person fraud. In some cases the cards are passed further down the chain to low-level money mules who commit in-person fraud at retail outlets or ATMs.

These POS malware attacks are not extremely sophisticated, and security experts emphasize that simple controls and better practices on POS systems can give far greater protection for customer data. The following recommendations should be relatively easy to implement and maintain:
How can merchants and retailers secure their environment and their customers?
- Isolate the POS environment from the company's other networks and internet-facing assets, and restrict traffic between them to what payment processing actually requires.
- Change default logins and use multi-factor authentication for POS credentials.
- Restrict access to POS terminals and related software to the key internal employees who need it, with the right level of authorization.
- Make sure anti-malware solutions are deployed and functioning effectively on POS terminals and other endpoints on the network; fixed-function POS terminals are also good candidates for application allow-listing.
- Monitor all POS systems and associated functions closely and regularly for malware and unusual activity, such as outbound connections from POS terminals to destinations they have no business talking to.
- Carry out security assessments of both the technology environment and the business premises to find vulnerabilities or gaps criminals could exploit. Such reviews could uncover a vulnerable PC on the network, or a rogue WiFi device or access point on the premises sniffing sensitive information transmitted wirelessly between systems.
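The first and fifth recommendations above (isolate the POS segment; monitor it for unusual activity) can be checked against firewall or flow logs. The following is an added example, not code from the original article: it reviews constructed log lines for two things a segmented POS network should never show, a POS terminal talking to a destination outside its allow-list, and a host outside the segment connecting into it from anywhere other than the designated admin jump hosts. The segment ranges, the allow-list (a payment gateway and a back-office POS controller), the jump-host range and the log format are all assumptions made for this example.

```python
"""Added example: reviewing firewall/flow logs for a segmented POS network.
Segments, allow-list and log lines are constructed for this example and are not
from any real deployment."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

POS_SEGMENT = ipaddress.ip_network("10.20.0.0/24")       # assumed POS VLAN
ADMIN_SOURCES = ipaddress.ip_network("10.10.200.0/28")   # assumed hardened jump hosts
# The only destinations a POS terminal legitimately needs outside its own segment.
ALLOWED_EGRESS = {
    (ipaddress.ip_address("198.51.100.7"), 443),   # assumed payment gateway
    (ipaddress.ip_address("10.10.50.10"), 8443),   # assumed back-office POS controller
}

# Assumed key=value log format; adapt LOG_RE to the firewall actually in use.
LOG_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+)")


@dataclass
class Finding:
    line: str
    reason: str


def parse_flow(line: str) -> Optional[Tuple]:
    """Return (src, dst, dport) for a parseable line, else None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    try:
        return ipaddress.ip_address(m.group(1)), ipaddress.ip_address(m.group(2)), int(m.group(3))
    except ValueError:  # malformed address; skip rather than crash the review
        return None


def review_flows(lines: List[str]) -> List[Finding]:
    """Flag flows that violate the POS segmentation policy."""
    findings: List[Finding] = []
    for line in lines:
        parsed = parse_flow(line)
        if parsed is None:
            continue
        src, dst, dport = parsed
        if src in POS_SEGMENT and dst not in POS_SEGMENT:
            # Egress from the POS segment: only the allow-listed (host, port) pairs.
            if (dst, dport) not in ALLOWED_EGRESS:
                findings.append(Finding(line, f"POS egress to non-allowlisted {dst}:{dport}"))
        elif dst in POS_SEGMENT and src not in POS_SEGMENT:
            # Ingress to the POS segment: only from the admin jump hosts.
            if src not in ADMIN_SOURCES:
                findings.append(Finding(line, f"inbound to POS segment from {src} on port {dport}"))
        # Flows entirely inside or entirely outside the segment are not this check's job.
    return findings


# Constructed sample log; addresses outside RFC 1918 are documentation ranges.
SAMPLE_LOG = [
    "2016-07-17T02:14:05Z src=10.20.0.15 dst=198.51.100.7 dport=443 proto=tcp action=allow",
    "2016-07-17T02:14:06Z src=10.20.0.15 dst=10.10.50.10 dport=8443 proto=tcp action=allow",
    "2016-07-17T02:14:09Z src=10.20.0.15 dst=10.20.0.3 dport=445 proto=tcp action=allow",
    "2016-07-17T02:15:31Z src=10.20.0.15 dst=203.0.113.44 dport=21 proto=tcp action=allow",
    "2016-07-17T02:16:02Z src=10.10.5.23 dst=10.20.0.15 dport=3389 proto=tcp action=allow",
    "2016-07-17T02:16:40Z src=10.10.200.4 dst=10.20.0.15 dport=3389 proto=tcp action=allow",
    "2016-07-17T02:17:00Z garbage line without the expected fields",
]

if __name__ == "__main__":
    for f in review_flows(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Two of the seven lines are flagged: a terminal pushing data to an unknown external host, and an ordinary corporate workstation opening a remote-desktop session into the POS segment. Note that every flagged line carries action=allow; a log review like this finds where the segmentation policy is not actually enforced, and the fix is a default-deny rule at the segment boundary, with this review kept as the ongoing monitoring check.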
Security Tips for Credit Card Owners and the Public
- Always use the most secure cards your bank offers, with built-in chips and PINs. If your bank does not provide them, move your account to one that does.
- Use cards with limits you can afford to lose if they are stolen or misused.
- Always enter your PIN yourself, shielded from view, on the POS terminal; never dictate it to the cashier.
- Enable SMS and email alerts for all transactions on your cards, and monitor them so that any misuse is detected promptly.
- Review and reconcile your card statements regularly to detect unauthorized or suspicious transactions.
- Be alert: check, as far as you can, that the POS terminal is genuine and not a tampered or fake device placed to capture your card details. Where a retailer or merchant does not look genuine, avoid using your card. Also validate the messages you receive on your phone or by email when you use the card for a transaction.