New sophisticated software takes advantage of lack of end-to-end encryption in many retailer backends and getting card data, including EMV, from consumers. Cyber criminals never sleep.
Source: www.theexaminer.com
This new ModPOS malware has taken advantage of a flaw in the internal in-store processing of debit and credit transactions still using magnetic stripes as well as using the new EMV Chip and Pin cards; the processing flaw, now known to the retail industry, is that the internal processing systems utilized by many major retailers does not support end-to-end encryption, and does not also properly encrypt data in memory, allowing that data to be captured and sent to distant cyber crooks. According to iSIGHT, “Criminals can then reuse card data, even from EMV cards, to make online (card-not-present) transactions.”