eScan Research Team advises how to use your Debit / Credit Card safely.
According to various reports, Debit card users of SBI, HDFC bank, ICICI, YES bank and Axis are the worst hit.
There are multiple ways in which Debit Card information can be stolen:
1: Phishing
2: Skimming Devices
3: Compromising the Security of a Payment Processor
3.1 Malware/Virus Attack
a) ATM Malware
b) POS Malware
c) Trojan/Keylogger etc.
3.2 Hacking Attacks
In this case, according to the reports, it was Hitachi Payment Services which was compromised by a malware attack,
which enabled the hackers to steal the card related information. Hitachi Payment Services provides ATM,
Point of Sale (POS) terminals and other payment related services.
PHISHING related scams have been in existence for eons; however, these encompass not just Debit Cards but also Credit Cards and Logon Credentials.
Numerous vendors have come up with innovative solutions to mitigate such attempts at the gateway itself; however, some of the phishing attempts
do end up in the user’s mail-box. In comparison to other attempts, Phishing related Debit Card scams can be ranked lower since the number of
victims or the value of the attack can be considered minuscule when compared with other forms of attack. The coverage of a phishing attack is limited
either to a specific country or to a specific bank within a country.
SKIMMING DEVICES are devices which are attached to ATM machines and have the ability to capture PINs and Card data.
However, when we look into the scope, it is limited to one single machine, or the criminals may choose to attack a few other ATM machines.
The reason is that Skimming requires additional hardware, and the stolen data needs to be collected either by physically removing
these devices or by remote access, whose range is again limited by the geographical area.
Moreover, there is a certain cost involved in procuring / producing these devices, hence we have often seen a nexus between the manufacturers of such devices
and the criminals who actually install these devices on ATM Systems.
Furthermore, Skimming and Phishing both require the Debit / Credit card to be cloned, and there exist marketplaces where such data is traded.
Skimming is used when criminals are targeting a specific ATM machine or a couple of them. We are yet to see a widespread Skimming attack on an entire city,
which would result in Data Compromise of more than 100,000 customers from one campaign.
Compromising the Security of a Payment Processor
MALWARE AND HACKING have been taking precedence over every other method used by cyber-criminals to steal data, and the majority of data breaches
have been attributed to them. Criminals either deploy a custom malware after hacking into the networks or they may utilize various other
non-intrusive methods to ensure that the custom malware is implanted into the systems.
We have already seen a rise of POS malware, which specifically targets Point of Sale Terminals, and we have also observed credentials of Hacked POS being
traded in under-ground markets.
Some of the worst attacks on banks and financial institutions were the direct result of either being hacked or of an attack on security-wise naïve employees.
Cyber Criminals are always on the lookout for vulnerable Payment Processing Organizations, as they are considered the hub where all transactions converge;
moreover, many of these payment processing organizations are also responsible for the upkeep of POS terminals and ATM machines.
An attack on such an organization will surely lead to the compromise of more than a million records, and by any standards is considered to be the best bet
when compared with Skimmers or Phishing. Way back in 2014, the attack on Target, a multi-national organization in the USA, proved that the implementation of PCI-DSS
standards was rattled to the core by a custom malware which scraped the RAM (memory) of the infected system.
Vendors and Banks alike have been issuing advisories to safeguard their customers from Skimming and Phishing attempts and even if one were to follow
these advisories, there is no way for a consumer (i.e. Card User) to detect the presence of malware in the ATM Machines they are using since it is
the prerogative of the Bank to ensure that their systems are kept clean. However, when we look into the murkier details of the Target attack,
we would be surprised to know that hackers had targeted a third party vendor to access the Target network.
Target, a retail giant, was attacked by POS malware, and approximately 40 million credit and debit card accounts may have been compromised in 2013.
We may also consider studying a similar attack carried out on Heartland Payment Systems way back in 2009, in which 130 million card details were stolen.
Numerous Organizations have been conducting Vulnerability Assessment Penetration Testing (VAPT) Audits, which is a positive trend, one might say.
However, some of these VAPT audits are done using standard automated applications like Nessus. Applications like Nessus can be termed as reporting
applications, which would simply scan the ports, extract the product version number and based on a known vulnerability database, and arrive at the
Furthermore, Zero-Day vulnerabilities are very hard to detect using conventional mechanisms; coding horrors or mis-configurations are equally difficult
to find. Hence, instead of relying solely on automated vulnerability assessment software to conduct audits, we have to approach this problem the way
hackers do. Organizations should either invest in bug-bounty programs or utilize the services of third-party organizations which will do their
best to punch holes in their systems. Although these measures wouldn’t stop a hack, they would at least ensure that you have upped the ante for
We are facing an increasingly online future, wherein we have to realize that additional intelligence is required and innovative ways have to be found when
conducting VAPT. Organizations have to start asking serious questions about the audits, rather than finding solace in the All Green Reports generated by
What should a common person do in the face of such unseen attacks? A little bit of common sense will go a long way in protecting users,
wherever an attack may emanate from. Advice from eScan:
1. If you are a prolific online buyer, change your PIN often. If you are not, still change your PIN often.
2. Return / do not use credit cards / debit cards which do not support TFA (Two Factor Authentication).
In simple terms, if a credit card does not give you an option of Online OTP (One Time Password), where every transaction needs you to
input a 4/6 digit verification code, before the transaction is approved
For Banks, we would suggest implementing offline OTP, wherein credit/debit cards swiped at merchant locations also trigger an instantaneous OTP on registered
mobile numbers, and unless this OTP is entered (alongside the PIN), transactions will not go through.
eScan, one of the leading Anti-Virus & Content Security solutions for Desktops, Smartphones, and Servers, is developed and marketed by MicroWorld.
It is powered by innovative and futuristic technologies, such as MWL Technology, DIRC Technology, NILP Technology and sophisticated Anti-Virus
Heuristic Algorithms that not only provide protection from current threats but also provide proactive protection against evolving threats.
It has achieved several certifications and awards from some of the most prestigious testing bodies, notable among them being AV-Comparatives,
Virus Bulletin, AV-Test and ICSA labs. Combining the power of various innovative technologies, eScan provides Multi-level Real-time Protection
to digital devices and Networks. For more information, visit www.escanav.com.
Microworld Software Services Pvt. Ltd,
Plot no.80, Road No.15, MIDC, Marol
This release was published on openPR.