Scam that blocks payment by approximation to force use of the physical card: what is known

[ad_1]

The target of the Prilex virus is the store’s computer, which is connected by cable to the card machine. Scheme forges up to two errors at the time of purchase: one in an attempt to pay by approximation and another when the person uses the physical card to try to complete the operation. Illustration of card payment machine connected to a computer Wagner Magalhães/g1 Scammers continue to target credit card data theft during physical purchases. Now, they can also detect and block approximation payments, to force the victim to insert the card into the machine and enter the password. Only then can they get the data they need to try to make a fraudulent purchase later. To answer questions about the topic, g1 spoke with Fabio Assolini, head of Kaspersky’s global research team in Latin America. The cybersecurity company was the one who revealed, last Tuesday (31), that a new version of the scam was first detected in Brazil. And g1 also listened to Adriana Umeda, from the security and fraud prevention committee at Abecs, the association of credit card companies and services. Below, see in 10 questions and answers what is known about the scam so far and how to protect yourself. What is the step by step of the coup? How was the scam discovered? Was anyone a victim? How do bandits manage to get into stores’ computers? Does the malicious program infect the machines? Why do they block contactless payments? What data is captured from the inserted physical card? How would they make an improper purchase with this data? Does the store not know? How to protect myself? I’m a shopkeeper. What should I pay attention to to avoid the scam? 1) What is the step by step of the coup? A virus infects the store’s computer, which is connected by a cable to the card machine. It makes it possible for the bad guys to interfere with the communication between these two devices. In order to get the victim’s data and still allow the purchase to happen in the store, without arousing suspicion, criminals cause up to two error messages. Follow along: If the victim chooses to pay by approximation, the bandits are able to detect and prevent this charge, displaying a false error message on the screen of the card machine, in order to force the customer to insert a physical card to make the payment; On the first attempt to pay by entering the card and password, criminals produce yet another error warning – for example, password. In fact, in this attempt that apparently went wrong, they already capture the data from the card’s chip and the transaction code, to try to make fraudulent purchases later; Unaware of this and believing that there was just another mistake, the customer tries the payment with the physical card for the second time, which works. That value will be received by the store. 2) How was the scam discovered? Was anyone a victim? The virus, called Prilex, has been known for some years by cybersecurity companies. According to Kaspersky, the Brazilian gang behind this malicious program has already targeted ATMs, debit cards, even abroad, always seeking to circumvent the protections of these systems. “It’s not new, we’ve been living with this potential threat since 2014, 2015”, confirms Adriana Umeda, from the association of card companies. “Like any virus, it evolves.” In September of last year, the gang started to make fraudulent purchases by inserting the virus into the computer of the stores, in order to gain access to the card payment system. Now, Kaspersky says that a new version of Prilex allows blocking approximation payments, which are safer. This novelty was detected on the computer of one of its customers in Brazil, a medium-sized company, whose name was not revealed. “It’s a concrete case, we have all the evidence of this attack”, says Fabio Assolini, from Kaspersky. Abecs, in turn, informed that it did not receive any report of this new version from the companies that are part of the association until last Thursday (2). How does the coup that made European ATMs spit out millions in banknotes work? Assolini says that, in the case of this company in Brazil that was the target of the scam, the bandits managed to install the virus on the company’s computer by posing as employees of the payments sector, who would need to carry out maintenance. For this, the criminals contacted by phone and asked that a file sent by them be downloaded, so that they could carry out the alleged maintenance on the system. “In his network (a Kaspersky client), there were installations of remote access software, which is commonly used in this type of approach”, says the specialist. “The criminal can go (to the store) in person, do it over the phone, trying to deceive the employee. Or count on the help of someone internal… There are ‘n’ ways for them to install Prilex on the computer”, he completes. 4) Does the malicious program infect the machines? No. It acts on the computer to which the machine is connected by cable, as is quite common at supermarket checkouts and large stores. These machines basically function as a keyboard and as a card receiver (or approach technology). The charge itself depends on the computer. They are different from card payment machines that do not use a cable and are self-sufficient (they have built-in software and are not connected to the store’s computer). These are not among those that appear in the Prilex operation, according to Kaspersky. “It is on the computer (at the store) that Prilex will be installed”, says Assolini. “The little machine is safe, anti-fraud, no pest can change it. If you try to open it or mess with the software (the ones that have it), it will stop working.” 5) Why do they block contactless payments? The approach payment is blocked because the criminals “can’t do anything with the data (of this type of operation)”, says Assolini. Error message appears when approximation purchase is blocked in a new scam against credit cards Reproduction/ Kaspersky This is because the radio frequency and NFC systems used in this modality generate an “identity” (card number) that is unique for each payment. It’s the same as when you use a virtual card on your cell phone. It is not possible for crooks to leverage this data in a later purchase. Only with the physical card number, which does not change with each purchase, can the gang apply the scam. “Keep paying by approximation. It is so secure that criminals need to force people to insert the (physical) card”, recommends the Kaspersky analyst. 6) What data is captured from the physical card? The card inserted in the machine and the act of typing the password make it possible for the virus that is in the infected computer to read the information contained in the chip and obtain the physical card data and the so-called cryptogram, according to Kaspersky. The cryptogram is a code that identifies each financial transaction carried out in the billing machine. On the first attempt to pay by inserting the card, the cryptogram is already generated and captured together with the chip data. But, according to Assolini, the crooks manage to “hold” the transaction, which is not completed at that moment, generating a new error. The data captured in this operation will be used by the gang in a subsequent purchase attempt, in the same amount as the one the customer is trying to complete in the store. The consumer, in turn, believes that an error actually occurred and tries a second time to pay with the physical card. This transaction completes normally. 7) How would they make an improper purchase with this data? This is a point that is not completely clear. To complete the fraud, the gang needs to make the “ghost purchase” at their own “point of sale”, which may be in the name of oranges. But, in theory, the cryptogram (key generated for each financial transaction) captured in the first payment attempt with the card inserted in the machine could not be used after a second attempt was successfully completed. “The cryptogram has a counter, called ATC (acronym in English for ‘chip transaction counter’). Acquiring companies monitor the ATC and manage to catch the fraud”, explains Assolini. It refers to the companies that communicate the transaction between the store, the card brands and the banks that issued the card. An article published by Kaspersky in September last year, however, says that Prilex would even be able to generate new cryptograms, including changing purchase values, based on the one that was captured. “Catch [de dados] is one thing, use is another”, points out Adriana Umeda, from the Association of Card Companies. According to her, for the fraudulent purchase to be carried out there would need to be almost “an alignment of stars”, she compares. “(It would have to) be successful in the collection (of data) to have a conniving trade (where the fraudulent purchase would be made), the issuer (of the card) would have to have low defenses… The difficulty is great.” Trying not to waste chances, criminals manage to filter which companies have a high flow of card transactions. And, now, they also detect the type of customer’s card (for example Black, normally associated with higher balances and limits), Kaspersky reported. Even so, in order to increase the chances of that the undue purchase is authorized, the bandits usually use the same amount as the one in the store, according to Assolini. This attitude would also draw less attention from the victim. “You see (two equal amounts) on your statement and think it’s the one ( try) that doesn’t I’m sure and that it will be deleted later. You wait (to complain about the improper purchase)”, says the analyst. Assolini says that it is not clear when the “phantom purchase” attempt takes place. . But my visibility is limited to the action of the malware (virus)”, he explains. 8) Is the store unable to find out? In theory, no. It is up to store owners to ensure that the computer, which is the target of the virus, is not accessed by anyone that is not authorized and that no program is downloaded or any suspicious link is used. When in doubt, the ideal is to contact the company responsible for the electronic payment system before taking any action. 9) How can I protect myself? is that not every error message on the card machine means a scam attempt. “The reading error can happen regardless of being a risk like that, it could be a technical problem”, recalls Adriana, from Abecs. For Assolini, who else should be concerned with the innovations of Prilex it is the shopkeeper and the electronic payments sector, not the consumer. In any case, some recommendations can be followed: if the error message appears when paying by approach, insist on paying by approximation on another machine. ina. if this possibility does not exist or if an error message appears again, use alternatives such as Pix or cash instead of inserting the physical card. be even more suspicious if the machine displays a message asking you to insert your card. This warning is not common: the machines usually only inform that there was an error. regularly monitor the card statement; if you suspect something, contact the operator; if possible, register your cell phone in the bank application to receive a message whenever a purchase is authorized with your card. 10) I’m a shopkeeper. What should I pay attention to to avoid the scam? Merchants should be extra careful with any request to verify or update their computer/payment system; Before downloading any requested software, they should contact the card company to find out if this is customary or if something is wrong. Initial plugin text

[ad_2]

Source link