Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Credit card fraud: What you need to know now

Stacy Collett | Aug. 31, 2017
Credit and payment card thieves are getting more sophisticated as chipped cards drive them to account takeover and card-not-present schemes.

“Any of these big drivers for web technology have become very widespread, so they make very good targets for compromise,” he says.  An opportunistic attacker will booby trap the source code on a site, so that when a user types in a credit card number or other personal information, they steal that information. WordPress’s security weaknesses were exposed in February when hackers infiltrated and vandalized up to 1.5 million blog website pages supported by the open source website creation tool.

Identifying a booby trap is somewhat difficult, Spruell says. “There’s no readily accessible notification that it’s happening,” but site owners can monitor what scripts are running on the site. “If you’re on your ecommerce site and suddenly you find that your browser is also being told to connect to another site to access JavaScript, that’s a very good indicator that the site has probably been booby-trapped,” Spruell says. “Or if you find foreign scripts being included in your site, that’s a very good tip-off that this is happening,” he adds.

It’s also important to understand your digital footprint, Spruell says. When ecommerce sites are hosted by a third-party service, the business may not always be aware of who’s running them, where, or whether they’re being updated or maintained properly, he says. “Be conscientious about extending your digital footprint into that shared gray space where you start to lose visibility and control, and the ability to secure it.”


POS malware still a threat

Despite the move toward EMV chip cards, point-of-sale (POS) malware continues to vex merchants’ payment systems, most recently with the discovery of MajikPOS malware in North America, which TrendMicro reported on in March.  

According to TrendMicro, MajikPOS operators use a combination of POS malware and remote access Trojans, or RATs, to attack their targets. The bad guys gained access to the victim’s end points through Virtual Network Computing and Remote Desktop Protocol, poorly secured by easy-to-guess username and password combinations. The RATs were installed in the endpoints somewhere between August and November 2016.

If the endpoint catches the bad guys’ interest, they use a combination of VNC, RDP, RAT access, command-line File Transfer Protocol to install MajikPOS by directly downloading the files. MajikPOS then contacts its command-and-control server to register the infected system. MajikPOS checks a range of popular credit cards, and after verifying the credit card’s track data, the information is sent to the C&C server, called the “Magic Panel,” which leads to online shops for the bulk sale of stolen credit cards.

“We’re seeing more of these all-encompassing turnkey services built around stolen credit card data and the malware to use them,” says Jim Walter, senior research scientist at Cylance. “It makes the management side of the data, as well as the packaging and sale of the data, a lot easier. Anyone can go and create their own Majik account in a Majik shop. You don’t need to be an expert on this from Russia anymore, you can just have an account with one of these services.”


Previous Page  1  2  3  4  Next Page 

Sign up for CIO Asia eNewsletters.