New Type of Malware–Steals Your Info at Store Register

Published on April 13, 2013 By DrJBHL In Personal Computing

Meet “vSkimmer”.

Say you wanted to be secure and not do business over the internet. You just wanted to go to the store and buy what you needed and “pay” at the register. That’s secure, right? Wrong.

In the past you bought gas and used the credit card swiper at the pump. Well, the machine could be “crooked” and record your card and then someone could take them off the machine. The solution was simple. Just pay with cash.

Stores are secure, though. Nope. Well, not for the regular type of credit/debit card. Cards with ‘chips’ apparently still are (but won’t be for long).

“Here's how the malware works: once installed on a checkout computer, vSkimmer collects data about the operating system, including its current version, default language, host name, and active user name. The malware then sends this information back to a central command and control server where it can be used by hackers to keep tabs on infected POS systems. Once the hackers send a download and execute command, the malware begins scanning for any information that resembles 'Track 2' data.”

- http://www.infopackets.com/news/security/2013/20130401_malware_targets_credit_card_data_on_checkout_pcs.htm

The track 2 data is the information stored on the magnetic tape strip on the back of your card. Once the cyber criminals have that information, your card can be cloned, and you’re card is shot.

At this point there are two things you can do to prevent this:

1. Subscribe to the anti-fraud programs your credit card carrier sells. It’s then their responsibility to notify you and ask if you made those transactions. Be smart and ask for a program that calls you. Of course, then you’ll have a 10 day wait for a new card.

2. Use cash. Well then, why bother with a credit/debit card? Because your credit history matters a great deal. Just be wise how and where you use it.

If you use multiple online anti-malware scanners on your computer at regular intervals and again before making a purchase, online purchasing is probably safer than other forms of purchase. Just make sure to examine the purchase site’s url.

And have a good weekend.

Comments

ElanaAhova

on Apr 13, 2013

Thx doc, as always, good timely info, and 'how-tos' to ameliorate the potential down side of living in this interconnected world. Muchas gracias!

benmanns

on Apr 13, 2013

I Think its time for a new card system then... and it has been for long
A card system that wont alow simple wiping the card " could be wiped through the scanner to pay but would need a confirmation code that is generated via an authentificator or digital signal ( a device that you carry with you all the time that can translate the signal and and converts it into a confirmation code be it numbers or letters.Stored information could only be sold to thrid then for spam but you wont be missing money since they cant generate a confirmation code PIN PUK to make a transaction without that device and your card.

Something like this already exists for regular bank cards that have onlinebanking its still wonky but more secure.For these online banking cards you also have a little device that you have to hold onto your screen to decrypt the signal for your PIN PUK whatever.

LightStar

on Apr 13, 2013

Be a lot easier just to use fingerprint ID when making a credit card transaction. Make new machines that verify using fingerprints.

Welcome Guest! Please take the time to register with us.
There are many great features available to you once you register, including:

Richer content, access to many features that are disabled for guests like commenting on the forums.
Access to a great community, with a massive database of many, many areas of interest.
Access to contests & subscription offers like exclusive emails.
It's simple, and FREE!