VISA, the popular payment processing firm and credit card operator, is warning users of a new threat that could jeopardize their card information significantly.
In a security report published earlier this month, the FinTech giant explained that fraud detection groups had caught wind of Fin8, a hacker group attacking gas stations. As VISA explains, the hackers work by sending malicious emails to POS networks. The emails deposit malicious software into the network infrastructure, which then takes advantage of a fundamental vulnerability in mag stripe cards.
Old Cards Left Defenseless
Even though these cards are old and will soon be outdated, the company noted that service stations still accept them since they’re still in circulation. The POS usually scans the card and sends data back to the vendors using an encrypted channel, but the malware provides the attackers with access to the network and the data itself while in transit.
VISA explained that short of getting newer, more secure credit cards, there isn’t much that users can do to protect themselves from such attacks. However, gas stations that use POS payment channels could encrypt data transfers or implement a chip-and-PIN policy.
Data Limit Bypass
The report is coming on the heels of another revelation, this time by researchers at a security and consulting firm. Leigh-Anne Galloway and Tim Yunusov, both from Positive Technologies, explained in a recent report that there are some inherent flaws that expose contactless (NFC) payments to hackers.
NFC payments were first introduced in 2007 and are fast becoming a regular fixture in the payment space. They currently account for about 40 percent of payments made around the world and have been seen by many as an excellent alternative to conventional chip-and-PIN verification methods.
However, in their report, the two researchers demonstrated how people could bypass the £30 ($39) limit that VISA has placed on NFC payments made using physical cards. The trick involves taking a physical card and presenting it as a software token on a smartphone, and the researchers explained that related tricks could also be used to bypass payment limits on mobile wallets.
Financial institutions have been made to face quite a lot of adversity this year, as hackers have had more of an appetite for their nefarious acts. Whether it’s blatant credit card information spoofing or significant data breaches, financial organizations were kept on their toes every day of the year.
Earlier this year, credit card issuer Capital One announced that hackers had accessed the personal information of up to 106 million applicants and customers across the United States and Canada. From personal details and biodata to financial records and social security numbers, the company’s customers were left exposed.