Over the past 5 years a scam known as electronic funds transfers at the point of sale (EFTPOS ) or skimming has been prevalent. Consumers commonly swipe both credit and debit cards through the in-store machines to pay for goods and services and hackers have been adept at coming up with ways to skim those customer cards.
In one such case, Romanian hackers were indicted when they were charged with remotely accessed hundreds of small businesses’ POS systems and stealing enough credit card data to rack up fraudulent charges totaling over $3 million. The hackers’ targets included more than 150 Subway restaurant franchises and at least 50 smaller retailers.
SCMagazine reports “An Eastern European criminal syndicate has hacked into a small Australian business and stolen details of half a million credit cards from the company’s network. In both cases, the syndicate captured credit card details using keyloggers installed within Point of Sale (POS) terminals and siphoned the data through an insecure open Microsoft’s Remote Desktop Protocol (RDP) connection. The syndicate found its victims by scanning the internet for vulnerable POS terminals.
Card skimming is just one of many ways that cybercriminals obtain access to stolen identities. And what happens once they have this information? They begin hitting many of the major brand websites to purchase products that are commonly found in our homes and office. How can retailers, ticketing companies, gaming sites and credit issuers protect their businesses and customers from fraudulent transactions?
Many start by identifying the device being used to access their website, through advanced device identification technology. Is it a computer, laptop, tablet, mobile phone or another Internet-enabled device? Is that a device that is already known to iovation’s cybercrime intelligence network? If so, has it been involved in fraudulent or abusive activities in the past? Often times, known bad devices have a history of credit card fraud, identity theft, account takeover attempts and other abuses. If the device comes back clean, is it related to other known bad devices?
iovation also helps its clients understand the web of associations between related devices, which helps businesses identify and shut down entire fraud rings. Lastly, online businesses run their highly-customized business rules as the transaction or activity is attempted. Many of iovation’s clients have more than 100 business rules on their site, that help them assess risk in real-time. These business rules can trigger factors including velocity, device anomalies, proxy use, age of the device-to-account association, and more.
Last week at the Merchant Risk Council Platinum Meeting in Seattle, iovation demonstrated it’s ReputationManager 360 fraud prevention service, and showed in simple terms, what happens during a real-time device reputation check.
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.
- POS Skimming—Bad News for Banks and Merchants
EFTPOS skimming has become increasingly prevalent over the past few years. EFTPOS skimming—which stands for “electronic funds transfers at the point of sale”—involves either replacing the self-swipe point of sale terminals at cash registers with devices that record credit and debit card data, or remotely hacking a retailer’s POS server. In one such case, Romanian hackers
- Credit Card Skimmer Use Portable Point of Sales
A German “computer whizz-kid” was arrested recently while attempting to transport the latest bank scamming technology into Britain. The 26-year-old married father of two worked at various software companies worldwide, gathering the necessary technologies and components to create a card skimming device designed to replace the real point of sale devices at restaurants or other retail
- European Cybercrime Not Slowing Down
Device reputation authority iovation published a report revealing that the number of fraudulent transactions originating from Europe has risen dramatically over the past two years. From April 2011 to April 2012, iovation prevented approximately 15 million fraudulent online transactions in Europe. That’s an increase of 60% over the previous year. The rate of European fraud
- Feds Catch Carder
“Carders” are the people who test and sell credit card details (most likely phished) to other individuals who carry out the actual credit card fraud. Carders are the most visible of criminals who distribute and sell stolen data to whoever is willing to take it and burn it onto a white card or make purchases over the
- International Credit Card Hackers Hammered
Retailers can temporarily rejoice (for about a minute) now that six cyber villains have been caught in two different international credit card fraud rings. The Register reports, “After investigations that began in 2009, the police executed three search warrants in metropolitan Sydney, retrieving EFTPOS terminals, computers, cash, mobile phones, skimming devices, and several Canadian credit cards.
Leave a Comment
You must be logged in to post a comment.