December 7, 2013
The holiday season is buzzing with spirited, less-careful consumers making billions of dollars of purchases, and fraudsters are looking to make hay while the sun shines. Both online and offline, millions of consumers are in a hurry to shop for discounted goods as well as gifts for family and friends. There is nothing wrong with that, but with newer mobile, app-based, and web-based payment methods, both the complexity of transactions and the number of vulnerabilities are increasing. The combined effect shows in the following fraud attacks that have come to our notice.
Rare POS Botnet attack:
What is most alarming is that the attacks are reaching the POS - and these are advanced point-of-sale botnets. This botnet is wreaking havoc now (it has not been stopped) at merchants and restaurants. There have been POS attacks in the past, e.g., at Subway, but this botnet is quite evolved. It is reported to have compromised more than 20,000 payment cards since August, according to researchers from IntelCrawler. The researchers arrived at the findings after infiltrating one of the control servers used to send commands to infected machines and receive pilfered data from them. They said the botnet is controlling 31 machines belonging to US-based restaurants and retailers. Some of the infected machines are servers, so the number of affected PoS devices could be much higher than the number of machines. The attack is still ongoing.
Prepaid cards attack:
Prepaid cards are a great financial instrument, especially for the underbanked and unbanked. Businesses and government agencies are also increasingly using them because they are easier to cash than paper checks. In May of this year, U.S. prosecutors said a global cybercrime ring had stolen $45 M from banks by hacking into credit card processing firms and withdrawing money in 27 countries through ATMs. More recently, JPMorgan Chase & Co has been warning some 465,000 holders of prepaid cash cards issued by the bank that their personal information may have been accessed by hackers who attacked its network in July. The cards were issued for corporations to pay employees and for government agencies to issue tax refunds, unemployment compensation and other benefits. The warning only affects the bank's UCard users, not holders of debit cards, credit cards or prepaid Liquid cards. Although the issue (a web server breach) has been fixed, it's important to know about it and be alert (if you have one of these cards), especially during this festive season, when the stolen information could be used.
Stores (online sales) attack:
A cyberattack recently hit grocery stores in parts of Washington, Oregon, Montana and Idaho. Stores like Rosauers were asking their customers to pay with cash or check while their owner, URM Stores, worked to clear up the attack. The attack targeted credit and debit card users. The stores hit include Rosauers, Yokes, Super One and Trading Company, among other URM properties. The attack has now been blocked (3rd Dec, 2013).
So, as a shopper and an individual, what can you do? Start with the basics so that you don't facilitate social engineering: do not share your passwords or personal information on the internet, and do not send such details in messages. You can read and learn more about it in this guide.
Watch out for a few other things as well - note that card or payment fraud could happen in some of the following situations as well.
The entire payments value-chain needs to work hard to curb fraud
To win the trust of customers, payment ecosystem players must enhance their safeguards against payment system attacks.