There are numerous ways to have our credit cards stolen and it originates to two primary methods:
- Skimmers.
- A hardware skimmer device placed over a card port on an ATM or gas pump (certain countries allows consumer to buy gas directly with their card).
- "We will discuss more about skimmers after this post".
- During the old days, the Enemy must acquire back their skimmers to retrieve the data they have stolen (because it is stored manually inside the skimmer).
- Now with better technology, skimmers are able to retrieve data wireless with GSM or Bluetooth function.
- Skimmers are sold to match the manufacturer and model of ATM being targeted. Since ATM manufacturers publicly release new bank contracts, criminals are able to plan skimmer placement before new ATMs are even installed.
- Soft skimmers is a device placed on a POTS (Plain Old Telephone Service) circuit in order to intercept the data in transit.
- Stand-alone ATMs in convenience stores or hotel lobbies may rely on modems for communication with a merchant network.
- After recording the tones on these phone lines, Enemies use widely available software to convert the tones to digital data, specifically credit card numbers.
2. Network Breaches
- Point of Sale (POS) terminals used in retail outlets were exploited through vulnerabilities in the underlying operating system that these terminals use.
- Failure to patch the operating system has led to remote exploitation via freely available hacker tools.
- Data ex-filtration has occurred for months before the merchant discovered or was alerted to the tainted POS terminal.
Criminals continue to aggressively hunt for large amounts of card track data either in storage or in transit. Once a target is identified, the compromise is only a matter of time and resources. Today, financial databases and networks continue to fall victim to the most motivated and talented hackers. Previously, compromises have existed for over a year before the breach was discovered. The purveyors of this data will quickly become rich, as will the end users who purchase the data for coordinated exploitation.
No comments:
Post a Comment