A previously unseen malware program, suspected to have been created in Eastern Europe, has infected POS systems in at least 11 countries and stolen details of 50,000 cards.
RSA FirstWatch’s discovery of the Trojan virus, named “ChewBacca”, comes not long after retailers in the US were targeted through their POS platforms.
Richard Moulds, VP of strategy at Thales e-Security, said: “The ChewBacca findings simply confirm something we already know, regular PCs and servers can’t be secured.
“In-store point of sale terminals are particularly vulnerable because they handle highly sensitive card holder data, they exist in large numbers so are hard to manage and yet are in notoriously insecure places – the retail store.”
RSA, an organisation that researches and analyses malware, found that infection had mainly occurred in the US, perhaps because the Trojan works by scraping magstripe data from POS.
Other countries affected included Russia, Canada and Australia.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalDataMoulds argued for greater encryption of data, saying: “We already have a solution for protecting PINs and it works just fine, we rarely see stories of stolen PINS.
“PINs are encrypted directly in the card reader itself by physically hardened circuitry as soon as they are entered by the shopper.
“Encrypt or tokenise cardholder data at the point of capture and decrypt only on a need to know basis and only in trusted environments. It really requires a shift of mindset.”
Related articles:
American data theft victims not deterred from using credit cards – Ipsos and Reuters
1.1m Neiman Marcus customers hit by US card data breach
US banks and retailers in slanging match over Target breach