
Sunday, February 17, 2013

New malware Dexter leading to spurt in credit card frauds as per ET

According to an ET report, bankers say that the spurt in credit card fraud is possibly caused by a new malware, Dexter, which has been used to commit digital fraud internationally.

Typically, digital fraud involves hackers breaking into either a banking network or a payment aggregator's server or, in what is being seen as a more recent trend, installing malware at the point of sale. Bankers feel this is likely because the pattern is unlike earlier cases of skimming, where numbers are limited and are concentrated in some geographies.

Dexter, a malware of recent origin, is termed by payment industry experts as highly intelligent, as it communicates directly with the command-and-control server and instructs the systems to grab and transmit any credit card data that comes into the machine. The malware uses retailers' networks, which are typically not secured since they are used for non-critical data.

"I doubt that this is related to skimming. In skimming there is a physical limitation in the number of cards that can be read. Also, we are getting cases from metros across the country," said a bank official. Also, since this fraud is perpetrated at the card acceptance stage, it is not limited to one card-issuing bank. Although there are other forms of digital fraud, such as stealing numbers stored in e-commerce sites, the practice of storing card information on sites is not very prevalent in India.

In transactions at brick-and-mortar outlets, the credit card ecosystem typically has three main stakeholders: the bankers who authorize transactions, the point-of-sale retail merchants, and the technology partners who are payment aggregators. Speaking to ToI, Rajeev Aggarwal, CEO, Innoviti, said that retail merchants should invest in technology partners who not only help in enabling payments but also ensure that the merchant's own network is secure so that there is no breach. Innoviti provides payment solutions to retail chains.

"Although credit card information is sent using 128-bit encryption, in a typical implementation there is a brief moment when it is open in the system memory. Malware may exploit this to get access to data. Usage of end-to-end encryption can prevent such access," he said. "We have secured our solutions through incorporation of advanced security mechanisms such as Unique Key Per Terminal and Terminal Line Encryption, which make the systems future-ready as per RBI compliance needs," he added.

The use of malware in digital fraud has made it difficult for authorities to nab the fraudsters even when there is a coordinated international effort. This is because the hacker who receives the information from the malware does not use it himself but sells it anonymously over the net to buyers across the world.

Scamsters buy individual information after sampling a few card numbers. Bankers say that since cards are invariably blocked after an initial transaction, scamsters buy card information in bulk, and it is sold at prices as low as $2 per card. Once this information is available, it can be used to clone cards. Theoretically, card information can be stolen from a retail chain in India by a hacker in Russia and sold to scamsters in the US.

While RBI has done its best to make transactions secure, it cannot prevent international frauds. Since most of the cards issued by MasterCard and Visa are international cards, they can be freely used outside the country. The card information can also be used in online transactions because in some countries there are e-commerce sites that conclude a transaction without even the CVV2 number, which is printed on the reverse of the credit card.
