Visa warns retailers of rising keylogger trojan problem

The reason for this, says Trusteer, is that many EPOS tills are Windows-powered and are therefore susceptible to the same type of malware infections as office and home PCs.

Mickey Boodaei, the browser security and fraud prevention specialist, said that trojan-driven keylogger attacks have been on the rise for home and office PC users for some time, but companies and home users are now getting wise to the problem and are installing IT security software on their machines.

"For retailers, however, the problem is more complex, as many of their terminals are subject to leasing and maintenance contracts, meaning that they tend to rely on the supplier/maintainer for their IT security protection", he said.

Despite this, Trusteer's CEO advises retailers not to be afraid of checking with their till terminal supplier about issues such as IT security. With significant new penalties from the Information Commissioner's Office (ICO) regarding data leaks and breaches starting this week, retailers accepting card payments from their customers need to be aware of their security options.

Consumers, meanwhile, should also take precautions against keyloggers, says Boodaei, as criminals are increasingly targeting payment card information on the Internet.

Many malware variants, he explained, collect card data as customers type it in while making a purchase online. In addition, more sophisticated malware can also change payment pages on websites to ask for additional card and personal information.

"Our research team have also come across malware variants that steal card information when you log onto your bank account. They frequently change the login page to request your card information and then send this information on to the criminals", he said.

According to Boodaei, the increasing sophistication of cybercriminals looking to rip off retailers, as well as their card-carrying customers, is a problem that will not go away because, as existing avenues of card fraud are closed off, cybercriminals will attempt to open up new ones.

"Unfortunately, keyloggers are an ideal vehicle for card fraud, as they allow fraudsters to radiate trojans out via sophisticated bulk emailers and sit back for unwary recipients to click on the links and unwittingly install the keylogging malware on their Windows-driven machines", he said.

"Consumers can do their part by installing a browser add-in such as Trusteer's Rapport software, which is offered as a free download by banks such as HSBC, RBS/NatWest and the Santander Group. Retailers, meanwhile, should contact their till terminal supplier for advice on their own IT security options", he added.
