openPR Logo
Press release

eScan Research Team advices how to use your Debit / Credit Card safely.

11-16-2016 01:16 PM CET | IT, New Media & Software

Press release from: MicroWorld Software Services Pvt. Ltd

Anti Ransomware, Credit Card Scam, Debit Card Scam, eScan Antivirus, Banking Malware

Anti Ransomware, Credit Card Scam, Debit Card Scam, eScan Antivirus, Banking Malware

Very recently it has been revealed that around 3.2 million Debit Cards have been compromised, belonging to Indian users.
According to various reports, Debit card users of SBI, HDFC bank, ICICI, YES bank and Axis are the worst hit.

There are multiple ways in which Debit Card information can be stolen:
1: Phishing
2: Skimming Devices
3: Compromising the Security of a Payment Processor
3.1 Malware/Virus Attack
a) ATM Malware
b) POS Malware
c) Trojan/Keylogger etc.
3.2 Hacking Attacks

In this case, according to the reports, it was Hitachi Payment Services which was compromised by a malware attack,
which enabled the hackers to steal the card related information. Hitachi Payment Services provides ATM,
Point of Sale (POS) terminals and other payment related services.

PHISHING related scams have been in existence since eons, however, these encompass not just the Debit Cards but also Credit Cards and the Logon Credentials.
Numerous vendors have come up with some innovative solutions to mitigate such attempts at the gateway itself; however, some of the phishing attempts
do end up entering into the user’s mail-box. In comparison to other attempts, Phishing related Debit Card scams can be ranked lower since the number of
victims or the value of the attack can be considered miniscule when compared with other forms of attacks. The coverage of the phishing attack is limited
either to a specific country or to a specific bank within a country.

SKIMMING DEVICES may be termed as devices which are attached to the ATM Machines and have the ability to capture the PINs and Card data.
However when we look into the scope, it is limited to one single machine or the criminals may choose to attack a few other ATM machines.
The reason being, Skimming requires additional hardware and the stolen data needs to be collected either by physically removing
these devices or remote access, whose range is again limited by the geographical area.

Moreover, there is a certain cost involved in procuring / producing these devices, hence we have often seen a nexus between the manufacturer of such devices
and criminals who actually implement these devices into ATM Systems.

Furthermore, Skimming and Phishing both require the Debit / Credit card to be cloned and there exists market places where such data is traded.
Skimming is used when criminals are targeting a specific ATM machine or a couple of them. We are yet to see a wide spread Skimming attack on an entire city,
which would result in Data Compromise of more than 100,000 customers from one campaign.

Compromising the Security of a Payment Processor

MALWARE AND HACKING have been taking precedence over each and every method used by cyber-criminals to steal data and majority of the data breaches
have been contributed to them. Criminals either deploy a custom malware after hacking into the networks or they may utilize various other
non-intrusive methods to ensure that the custom malware is implanted into the systems.

We have already seen a rise of the POS malware, which specifically target Point of Sale Terminals and we have also observed credentials of Hacked POS being
traded in under-ground markets.

Some of the worst attacks on banks and financial institutions were the direct result of either being hacked or vide an attack on security-wise naïve employees.
Cyber Criminals are always on a lookout for vulnerable Payment Processing Organizations, as they are considered the hub where all transactions converge;
moreover, many of these payment processing organizations are also responsible for the upkeep of POS terminals and ATM machines.

An attack on such an organization will surely lead to the compromise of more than million records, and by any standards is considered to be the best bet
when compared with Skimmers or Phishing. Way back in 2014 attack on Target, a multi-national organization in USA, proved that implementation of PCI-DSS
standards was rattled to the core by a custom-malware which scrapped the RAM (memory) of the infected system.

Vendors and Banks alike have been issuing advisories to safeguard their customers from Skimming and Phishing attempts and even if one were to follow
these advisories, there is no way for a consumer (sic. Card User) to detect the presence of malware in the ATM Machines they are using since it is
the prerogative of the Bank to ensure that their systems are kept clean. However, when we look into the murkier details of the Target attack,
we would be surprised to know that hackers had targeted a third party vendor to access the Target network.

Target is a retail giant, was attacked by POS malware, and approximately 40 million credit and debit card accounts may have been compromised in 2013.

We may also considering studying a similar attack carried out on Heartland Payment System way back in 2009, in which 130 million card details were stolen.

Numerous Organizations have been conducting Vulnerability Assessment Penetration Testing (VAPT) Audits, which is a positive trend, one might say.
However, some of these VAPT audits are done using standard automated applications like Nessus. Applications like Nessus can be termed as reporting
applications, which would simply scan the ports, extract the product version number and based on a known vulnerability database, and arrive at the
conclusion.

Furthermore, Zero-Day vulnerabilities are very hard to detect using conventional mechanisms, coding horrors or mis-configurations are equally difficult
to find. Hence, instead of relying solely on automated vulnerability assessment software to conduct audits, we have to approach this problem the way
hackers do. Either the organizations should invest in bug-bounty programs or utilize the services of third-party organizations which will do their
best to punch in holes on their systems. Although these measures wouldn’t stop a hack, it would at least ensure that you have upped the ante for
enterprising hackers.

We are facing an increasing online future, wherein we have to realize that additional intelligence is required, innovative ways have to be found out when
conducting VAPT. Organizations have to start asking serious questions about the audits, rather than finding solace in the All Green Reports generated by
such applications.

What should a common person do in face of such unseen attacks? A little bit of common sense will go a long way in protecting users,
wherever an attack may emanate from. Advice from eScan:

1.If you are a prolific online buyer, change your PIN often. If you are not, still change your PIN often.
2.Return back/Do not use credit-cards/debit-cards which do not support TFA (Two Factor Authentication).
In simple terms, if a credit card does not give you an option of Online OTP (One Time Password), where every transaction needs you to
input a 4/6 digit verification code, before the transaction is approved

For Banks, we would suggest implementing offline OTP, where in credit/debit cards swiped at merchant locations, also give instantaneous OTP on registered
mobile numbers & unless this OTP is put (along side the PIN), transactions will not go through.

eScan, one of the leading Anti-Virus & Content Security solutions for Desktops, Smartphones, and Servers, is developed and marketed by MicroWorld.
It is powered by innovative and futuristic technologies, such as MWL Technology, DIRC Technology, NILP Technology and sophisticated Anti-Virus
Heuristic Algorithms that not only provides protection from current threats but also provides proactive protection against evolving threats.
It has achieved several certifications and awards from some of the most prestigious testing bodies, notable among them being AV-Comparatives,
Virus Bulletin, AV-Test and ICSA labs. Combining the power of various innovative technologies, eScan provides Multi-level Real-time Protection
to digital devices and Networks. For more information, visit www.escanav.com.

Microworld Software Services Pvt. Ltd,
Plot no.80, Road No.15, MIDC, Marol
Andheri East

This release was published on openPR.

Permanent link to this press release:

Copy
Please set a link in the press area of your homepage to this press release on openPR. openPR disclaims liability for any content contained in this release.

You can edit or delete your press release eScan Research Team advices how to use your Debit / Credit Card safely. here

News-ID: 383415 • Views:

More Releases from MicroWorld Software Services Pvt. Ltd

eScan introduces innovative Endpoint Protection Solutions for Enterprises
eScan introduces innovative Endpoint Protection Solutions for Enterprises
Enterprises can no longer rely solely on traditional security solutions in today’s evolving cyber threat landscape. To effectively combat the sophisticated, stealthy and targeted attacks, enterprises need to effectively implement a defined security solution capable of proactively protecting the endpoints. CISOs need to take a defined approach that will deploy a robust security solution to secure the endpoints from cyber threats at all times for business continuity. Keeping the above challenges
Doxware - The Latest Ransomware
Doxware - The Latest Ransomware
The term "doxware" is coined from the term ‘dox’, meaning searching or posting private information online with any malicious intention. The criminals draw the victims’ attention by stating that their crucial, confidential or personal files would be released online and made them public. There are some similarities in Doxware and Ransomware. Both encrypt the victims’ files; demand for ransom and are highly automated in nature. In a doxware attack, the compromised
eScan empowers Enterprises with Mobility Management solutions
eScan empowers Enterprises with Mobility Management solutions
The rapid growth of mobile devices in an enterprise network has today increased the security concerns for CISOs/CSOs. With the increased penetration of bring your own device (BYOD) policies and growing threat landscape, eScan has now introduced the state of the art Enterprise Mobility Management (EMM) solutions to keep business critical data safe and protected from emerging cyber threats. Bring your own device or using company owned mobile device has become
eScan antivirus security software continues winning awards in 2011 for security …
eScan continues winning awards in 2011 Mumbai, May 09, 2011: eScan, one of the leading providers of Information security solutions for desktops and servers continues its winning ways by bagging the Jan 2011 PCSL 5 Star award, Advanced+ Certification from AV Comparatives in the Feb 2011 tests and the April 2011 VB100 award successively. The VB100 and AV-Comparatives awards are awarded to products that show good detection and removal capabilities without any

All 5 Releases


More Releases for Card

Gift Card and Incentive Card Market Set for Explosive Growth | National Gift Car …
A new business intelligence report released by AMA with title "Gift Card and Incentive Card Market" has abilities to raise as the most significant market worldwide as it has remained playing a remarkable role in establishing progressive impacts on the universal economy. The Global Gift Card and Incentive Card Market Report offers energetic visions to conclude and study market size, market hopes, and competitive surroundings. The research is derived through
IC Card/Smart Card Market 2022 | Detailed Report
The IC Card/Smart Card research report combines vital data incorporating the competitive landscape, global, regional, and country-specific market size, market growth analysis, market share, recent developments, and market growth in segmentation. Furthermore, the IC Card/Smart Card research report offers information and thoughtful facts like share, revenue, historical data, and global market share. It also highlights vital aspects like opportunities, driving, product scope, market overview, and driving force. Download FREE Sample Report
Prepaid Card Market by Card Type (Single-purpose prepaid card, and Multi-purpose …
Higher preference of prepaid cards to bank account cards has attributed to cost-effectiveness and flexibility. Moreover, increase in awareness and convenience of these cards enhance the adoption of prepaid cards. Furthermore, emerging applications & acceptance of these prepaid cards for various transactions and increasing popularity among individuals traveling abroad are expected to boost the market growth in the future. A new report published by Allied Market Research, titled, Prepaid Card Market
Prepaid Card Market by Card Type (Single-purpose prepaid card, and Multi-purpose …
Higher preference of prepaid cards to bank account cards has attributed to cost-effectiveness and flexibility. Moreover, increase in awareness and convenience of these cards enhance the adoption of prepaid cards. Furthermore, emerging applications & acceptance of these prepaid cards for various transactions and increasing popularity among individuals traveling abroad are expected to boost the market growth in the future Prepaid Card Market is projected to grow at a CAGR of 22.7%
Card Intelligent Lock Market Report 2018: Segmentation by Type (Magnetic card Lo …
Global Card Intelligent Lock market research report provides company profile for Tri-circle, Dessmann, Royalwand, Bangpai, ZKTeco, Schlage, KEYLOCK, Yale, Tenon, KAADAS, BE-TECH and Others. This market study includes data about consumer perspective, comprehensive analysis, statistics, market share, company performances (Stocks), historical analysis 2012 to 2017, market forecast 2018 to 2025 in terms of volume, revenue, YOY growth rate, and CAGR for the year 2018 to 2025, etc. The report also
Prepaid Card Market Report 2018: Segmentation by Card Type (Single-purpose prepa …
Global Prepaid Card market research report provides company profile for Green Dot Corporation, NetSpend Holdings, Inc., H&R Block Inc., American Express Company, JPMorgan Chase & Co., PayPal Holdings, Inc., BBVA Compass Bancshares, Inc. and Others. This market study includes data about consumer perspective, comprehensive analysis, statistics, market share, company performances (Stocks), historical analysis 2012 to 2017, market forecast 2018 to 2025 in terms of volume, revenue, YOY growth rate, and