Holiday shopping season malware targeting

By | December 4, 2015

New sophisticated software takes advantage of lack of end-to-end encryption in many retailer backends and getting card data, including EMV, from consumers. Cyber criminals never sleep.

Source: www.theexaminer.com

This new ModPOS malware has taken advantage of a flaw in the internal in-store processing of debit and credit transactions still using magnetic stripes as well as using the new EMV Chip and Pin cards; the processing flaw, now known to the retail industry, is that the internal processing systems utilized by many major retailers does not support end-to-end encryption, and does not also properly encrypt data in memory, allowing that data to be captured and sent to distant cyber crooks. According to iSIGHT, “Criminals can then reuse card data, even from EMV cards, to make online (card-not-present) transactions.”

Author: Kiosk Industry

Kiosk manufacturer experience since 1993. Engineer for Verizon Bill Pay kiosks while at KIS in Colorado. Extensive device knowledge for printers, scanners, currency, PCI, ADA, touch screen technology, outdoor, biometrics such as fingerprint and IRIS. Runs and manages the current kiosk association, KMA. Works with U.S. Access Board on ADA and accessibility. PCI SSC participating organization. Member of National Retail Federation (NRF) and National Restaurant Association.