SHERMAN OAKS, Calif. – Currently, at least six, separate malicious software attacks are targeting U.S. retailers and their credit card processing systems, Reuters reports. The incidents are similar to what happened to Target Corp. IntelCrawler, a cybersecurity company, has informed officials at Visa Inc., several banks, and law enforcement about its findings.
Late last week, iSIGHT Partners and the federal government alerted retailers and financial firms that the BlackPOS software that siphoned credit card data from Target had been connected to other merchant security breaches. Merchants, banks and credit card companies have said that anyone experiencing fraudulent purchases because of payment card data theft would have “zero liability” for those charges.
Andrew Komarov, CEO of IntelCrawler, told Reuters that New York and California retailers had been compromised by BlackPOS, which he linked to a teenager living in Russia. While most of the attacks have happened in America, around 30% have been in other countries, such as Canada and Australia.
Many cybersecurity experts recommend switching to smartcards, which use embedded microchips instead of magnetic strips to store information. Because the United States has not embraced smartcard technology as quickly as other nations, it has remained a top target for cyber-criminals.
Gray Taylor, PCATS executive director, commented to NACS Daily:
“It is absurd that the BlackPOS malware could ever see the light of day, let alone be created (reportedly) by a 17 year old. As more information comes to light, this is becoming clear that the recent merchant breaches are an indication of a huge failure within our payments systems, starting with those who protect our cyber security interests and ending with the card payments interests who have steadfastly opposed PIN on every transaction. How much of the billions of dollars in revenue Visa and MasterCard receive each year actually go toward cyber protection? NACS has long held that no network can ever be free of malware, and that payments have to comprehend the simple fact that transactions have to be secure in dirty environments. Yes, EMV is one solution — but at a societal cost of tens of billions of dollars and many years away. We need to press for what can be done in the near term to plug the holes of our porous payments system — like PIN on every transaction and encryption of card data at the point of swipe.”