
Credit card payments may not be as secure as you'd like


Chip-based credit and debit cards are perceived as being very good at fending off skimming attempts and malware attacks. Being able to use your card by tapping it appears to be better than swiping it along the magnetic strip on a point of sale (POS) terminal. But rising numbers of malware attacks on merchants in the US suggest there are weaknesses whichever method you use.

Criminals are exploiting the technology built around EMV, the standard originally developed by three major card suppliers: Europay, Mastercard and Visa. The encryption methods used in EMV have long been seen as a more secure way of keeping data safe, especially compared to cards armed with just a magnetic stripe.

However, because not all outlets in the US have chip card readers, or due to the possibility of malfunctioning hardware, cards still carry the magnetic stripe, which can be used during transactions. This dual functionality could be leaving merchants open to ‘shimming’ attacks, which can occur when a series of system cross-checks is being made during a transaction. These include checking the three-digit security code printed on the back of a card.

While all chip-based cards carry much the same data as the magnetic stripe, there are key differences between them. Central to this is a component called an iCVV, or integrated circuit card verification value. This so-called dynamic CVV found on an EMV chip is different from the regular CVV on a magnetic stripe and helps prevent the magnetic stripe data from being used to create fake magnetic stripe cards.

Magnetic stripe cards

Security issues can also arise if financial institutions haven’t set up their back-end systems as well as they could have. 

Researchers at Cyber R&D Labs recently published a report illustrating how they tested 11 chip card setups from 10 different European and US banks. The results showed that it was possible to harvest data from four, resulting in the ability to produce working magnetic stripe cards that could be used for transactions. 
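The iCVV only protects anything if the issuer's back end ties each verification value to the way the card was read. The following added example (not from the original article or from the researchers' report) contrasts an assumed lenient check with a strict one; the entry-mode labels, card identifier and values are constructed for illustration.

```python
import hmac
from dataclasses import dataclass

MAGSTRIPE, CHIP = "magstripe", "chip"  # simplified entry-mode labels (assumed)

@dataclass(frozen=True)
class CardRecord:
    cvv: str   # verification value encoded on the magnetic stripe
    icvv: str  # different value carried in the chip data

@dataclass(frozen=True)
class AuthRequest:
    card_id: str
    entry_mode: str
    presented_value: str

# Constructed issuer record; real issuers derive these values from keys.
ISSUER_DB = {"CARD-TEST-0001": CardRecord(cvv="123", icvv="847")}

def _eq(a: str, b: str) -> bool:
    return hmac.compare_digest(a.encode(), b.encode())

def lenient_check(req: AuthRequest) -> bool:
    """Weak setup (assumed): accepts either value however the card was read."""
    card = ISSUER_DB.get(req.card_id)
    return bool(card) and (_eq(req.presented_value, card.cvv)
                           or _eq(req.presented_value, card.icvv))

def strict_check(req: AuthRequest) -> tuple[bool, str]:
    """Accept only the value that belongs to the reported entry mode."""
    card = ISSUER_DB.get(req.card_id)
    if card is None:
        return False, "unknown card"
    if req.entry_mode not in (MAGSTRIPE, CHIP):
        return False, "unsupported entry mode"
    expected, other = ((card.cvv, card.icvv) if req.entry_mode == MAGSTRIPE
                       else (card.icvv, card.cvv))
    if _eq(req.presented_value, expected):
        return True, "ok"
    if _eq(req.presented_value, other):
        # Right card, wrong channel: decline and flag for fraud review.
        return False, "value belongs to the other interface"
    return False, "verification value mismatch"

if __name__ == "__main__":
    swipe_with_chip_value = AuthRequest("CARD-TEST-0001", MAGSTRIPE, "847")
    print("lenient:", lenient_check(swipe_with_chip_value))
    print("strict: ", strict_check(swipe_with_chip_value))
```

The distinct decline reason matters operationally: a value that is valid for the card but arrives over the wrong interface is a stronger fraud signal than a plain mismatch and is worth alerting on separately.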

Indications suggest that point of sale (POS) malware is being used by criminals to capture EMV transaction data. This is then being resold on the Dark Web, allowing thieves to produce magnetic stripe variants of chip-based cards.

Visa also recently released a security alert highlighting the issue of compromised EMV chip-enabled POS terminals. Malware variants included Alina POS, Dexter POS and TinyLoader. The alert issued a series of recommendations for merchants to follow in order to reduce the risk of exposure.

Date

03 Aug 2020
