Other issues in this category (7)
Thank you for your purchase?
Tuesday, July 12, 2016
Bank cards have become one of the most convenient and popular ways of making payment throughout the developed world. Without a doubt, they are also popular with criminals who seek to steal card information in order to use it without the cardholder’s knowledge. To achieve their goal, criminals employ social engineering techniques as well as special malicious programs.
Carding is a type of fraud involving trafficking credit card information that can be used to perform transactions without the card owner’s consent.
Trojans that infect PoS (point-of-sale) terminals, which facilitate bank card transactions, have posed a severe threat to cardholder finances for quite some time. Usually, terminals are connected to Windows PCs which can be infected with malware.
The Trojans intercepted information written on the magnetic strips of cards and passed it along to criminals. Some of these Trojans could also log PIN pad keystrokes. Criminals used the data to create a copy of the card which could then be used to pay for goods and services or withdraw money from ATMs.
However, with the advent of chip and PIN cards and contactless smart cards, criminals are finding PoS Trojans to be much less effective.
PoS Trojans aren't the only threat to cardholders. There are many applications that can inject content into web pages as they are being loaded in the browser. The content is replaced on the compromised machine which means that the page design and the URL remain the same—and users lower their guard. If a remote server requires a secure HTTPS connection, the Trojans can use bogus digital certificates.
With web injections, malware can introduce fake web forms into pages to lure users into divulging their bank card information. For example, a fake web form can appear on a page belonging to a popular online store, a flight booking portal, a site for purchasing game accounts, etc. Criminals can use the card information to carry out all sorts of transactions online, e.g., they can purchase bitcoins or pay for goods and services.
What card information do criminals steal to conduct transactions online?
- Card number
- Cardholder name
- Card expiry date
- CVV2 code: the card’s three-digit authentication code printed on the reverse side.
The Anti-virus Times recommends
- Use current anti-virus software;
- Keep its virus definitions up to date;
- Remember to scan your PC regularly—some malicious programs may have infected your system before their definitions were added to the Dr.Web virus database.