Why hackers may be stealing your credit card numbers for years

  • 2 September 2014
  • 0 replies
  • 2 views

Userlevel 7

By Jeremy Kirk, IDG News Service
IDG News Service | Sep 2, 2014 4:36 AM P
 
While conducting a penetration test of a major Canadian retailer, Rob VandenBrink bought something from the store. He later found his own credit card number buried in its systems, a major worry.
 
The retailer, which has hundreds of stores across Canada, otherwise had rock-solid security and was compliant with the security guidelines known as the Payment Card Industry's Data Security Standards (PCI-DSS), said VandenBrink, a consultant with the IT services company Metafore.
But a simple configuration error allowed him to gain remote access. From there, he found the retailer was vulnerable to the same problem that burned Target, Neiman Marcus, Michaels, UPS Store and others: card data stored in memory that is vulnerable to harvesting by malicious software.
The problem is growing worse. The U.S. Department of Homeland Security and Secret Service warned last month that upward of 1,000 businesses may be infected by malware on their electronic cash registers, known in the industry as point-of-sale devices.
So why are the data thieves winning? Security analysts say point-of-sale malware is neither new nor particularly sophisticated. Programs such as Backoff, BlackPOS and JackPOS hunt down clear-text payment card details jammed in a jumble of data in a computer's memory, a process known as "RAM scraping."
 
ComputerWorld/ full article here/ http://www.computerworld.com/article/2600778/security/why-hackers-may-be-stealing-your-credit-card-numbers-for-years.html
 
 

0 replies

Be the first to reply!

Reply