The Same Point-of-Sale Malware File has been Linked to Multiple Data Breaches in North America

Visa’s Payment Fraud Disruption (PFD) team recently determined that seven point-of-sale breaches reported since March 2018 in North America were linked to the exact same malware file hash, now known as the “PwnPOS” File.

PwnPOS is a point-of-sale (POS) malware file that was first identified back in 2015, but there are indications it may have been active as early as 2013.

From 2016 to 2017, there were only a few reported instances of PwnPOS infections, but that number increased significantly in 2018. Visa’s PFD team discovered that the malware files recovered from the 2018 breaches were identical across all instances, which means the PwnPOS malware family is easily identifiable.

How it Works

There are three main attributes of the PwnPOS malware:

1)  A component that adds or removes itself from a list of system services

2)  This component enables the malware to avoid detection and persist on a targeted machine

3)  The malware installs a RAM scraper that monitors for keyboard inputs containing a string of numbers

Once those keyboard inputs are scraped, the malware checks the string of numbers against the Luhn algorithm (a formula used to validate identification numbers) to determine if it is a credit card number. If the numbers pass the check, the malware extracts the compromised data.

Mitigation Measures

To identify the presence of the PwnPOS malware, Payscout recommends scanning your networks for the following indicators of compromise:

Visa PwnPOS Malware Alert - Indicators of Compromise

The indicators above correspond to the RAM scraper component of the PwnPOS malware. The seven cases Visa’s PFD team identified in 2018 had additional PwnPOS file attributes, but the RAM scraper component was consistently present in all instances, making it the most reliable indicator of compromise available.

Best Practices

Visa recommends the following best practices to reduce the risk of exposure:

  • Secure remote access with strong passwords, ensure only the necessary individuals have permission for remote access, and disable remote access when not in use.
  • Enable EMV on all point-of-sale devices.
  • Provide each Admin user with their own user credentials. User accounts should also only be provided with the permissions vital to job responsibilities.
  • Turn on heuristics (behavioral analysis) on anti-malware to search for suspicious behavior, and update anti-malware applications.
  • Monitor network traffic for suspicious connections, and log system and network events.
  • Implement Network Segmentation, where possible, to prevent the spread of malicious software and limit an attacker’s foothold.
  • Maintain a patch management program and update all software and hardware firmware to the most current release to limit the attack surface for zero-day vulnerabilities.

Free eBook: 5 Ways an Online Payment Portal Will Streamline Your Business and Increase Revenue

Why Every Business Owner Should Read Payscout’s Payment Portal eBook

As a result of the innovations in global mobile payment processing and other facets of the payment industry, Payscout is one of the most well-respected and successful payment processing organizations in the industry. Payscout consistently ranks among the top 30 companies in the financial services industry, and has ranked in the top 20 for medium-sized businesses on Entrepreneur’s list of Top Company Cultures. As such, when payments industry professionals from Payscout talk, the financial services industry listens.

Which means that any business hoping to increase their efficiency, growth, and profit might want to consider doing the same. Thankfully for them, Payscout has a commitment to education and transparency that’s resulted in the publishing of an eBook entitled “5 Ways an Online Payment Portal Will Streamline Your Business and Increase Revenue.” The following is a brief overview of topics covered in its five chapters, but shouldn’t be considered an alternative to reading it in its entirety, as this eBook is a must-read for anyone interested in their business profiting. The free eBook is available for download directly from Payscout’s website.

Customer Convenience

The demographics of the American and global marketplaces are changing. There will soon be more millennials involved in commerce than baby boomers, and they have billions to spend. Millennials largely grew up with the internet and are proficient in the use of devices, so they now expect convenient, comprehensive payment options for everything from entertainment streaming to utility payment processing. Disregarding that reality can prove devastating for a business.

Flexibility

In the same vein, traditional bill paying, chiefly by cash and check, continues to decrease in popularity. At the same time, automated bill payment featuring credit and debit cards has increased. Modern customers are simply choosing plastic over paper, and every business should at least allow the option to accommodate that preference.

Efficiency

Efficiency is an asset to any business, but a good example is accounts receivable and collections. Repeatedly mailing bill reminders and making calls not only doesn’t work, but also wastes the time of the collector and the debtor, wastes resources, and loses money better spent elsewhere. Setting up an automated, intuitive, reasonable process for reminders and a user-friendly payment portal through accounts receivable collections software will save a company money and is more likely to actually result in money being collected.

Security

Hacking and malicious intrusions into a company’s network can result in customer information being compromised, fraudulent charges, and a loss of millions in revenue. It can cost both current and future customers by permanently damaging a company’s reputation, literally overnight. That’s why it’s so important to choose a payment processor that is Payment Card Industry Data Security Standard (PCI DSS) compliant. And when choosing a payment processing company, be sure to ask about their data encryption algorithm and their tokenization technology.

Brand Building

A non-profit may be doing everything right marketing-wise by running an efficient and ethical business, advertising in the right places, and using branding to spread the word about their organization and contributions to altruism. However, if their non-profit payment processing platform only accepts one-off payments in the form of cash and checks, they’re going to be faced with fewer donations and fewer recurring donors. While many want to support the causes they believe in, the reality is that some people are simply not interested in (or are seemingly too busy for) physically delivering cash or mailing checks. Fortunately, a secure non-profit payment processing solution can streamline the process, making it easy to drive consistent, recurring donations from different payment options to your organization.

Optimize the success and continued growth of your business or non-profit with the industry’s best payment processing solutions, at www.payscout.com

Streamline and Secure Your Business’s Payment Processing with Payscout’s Virtual Terminal

From the complexity of healthcare payment processing to the relative simplicity of buying and selling a product, the modern marketplace is far more dynamic than it’s ever been. For the vast majority of human history, most basic transactional commerce involved a customer purchasing a product or service from a vendor. The point of sale (POS) was a static, physical exchange of currency for the product or service, usually at the business of the merchant or vendor. At the risk of stating the obvious, the internet has changed that dynamic for good. Trillions of dollars are now spent online and any reasonable business with a product that can be sold, advertised, or promoted on the internet, does so—or at least should.

Failing to do so risks, if not guarantees, that their business will suffer (or possibly fail). However, this profitable new paradigm is accompanied by perils and vulnerabilities. When an internet vendor doesn’t interact face-to-face with any of their clients, they are put in a position where they have to trust that a consumer is who they say they are and actually has the funds they’re accessing with their credit or debit card. Fortunately, there are solutions for mitigating or eliminating the risk of things such as consumer fraud, insufficient funds, stolen cards, or payment processing that isn’t fully secure. When dealing with digital, remote, and international payment processing, businesses can protect themselves and increase their efficiency (and in turn, profits) by leveraging Payscout’s virtual terminal.

Benefits and Services of the Virtual Terminal

There are two primary ways in which Payscout’s virtual terminal aids any company doing business online: guaranteeing the money that a consumer is spending is actually there, and then ensuring a secure transfer of those funds. Payscout has managed this by deploying the most secure, advanced technology to ensure that the customer has sufficient funds in their merchant bank to cover the price of the purchase on any major credit card. That allows merchants to accept or decline transactions as necessary, and that means fewer chargebacks. Those features are available at both physical POS terminals and online sales.

Security Features

Every feature of modern commerce requires security. That reality informs every product and service Payscout offers, from accounts receivable collections software to innovations in data tokenization. The security solutions for the Virtual Terminal are based on Payscout’s development of proprietary ecommerce tools and developer APIs to protect all consumer data sent between a business’ website and the merchant service bank. Additional security features include Advanced Fraud protection technology, Visa 3D Secure, MasterCard Secure Code, and PCI compliance. All of that advanced, reliable safeguarding provides the security every business needs to thrive in the internet age.

Optimize your business’s profit potential and growth with the industry’s best payment processing solutions, at www.payscout.com

Business Security Tips for Safer Commerce

As the internet hosts financial enterprises from utility payment processing for major cities to the buying and selling of corporations, the hundreds of billions of dollars transferred, earned, and spent online represent a tremendous opportunity. Big opportunities, however, are often accompanied by great risk. Some of that risk is simply the unavoidable and unforeseeable, chaotic, esoteric fluctuations of global markets.

Some of that risk – fraud and theft – is also more malicious but, thankfully, addressable. Anyone doing business online (and offline) faces both of these risks, but addressing their vulnerability to hackers, identity thieves, credit and debit card scammers, etc. requires trustworthy partners and some prudent safeguards. Payscout is the perfect partner for smart and secure payment processing that—along with some best practices below—can make your business safer and more secure.

Restrict the Number of Allowable Transaction Attempts

Significant developments in the security of physical point of sale (POS) and mobile payment processing by companies like Payscout mean that scammers are focusing more on card-not-present scams. This trend has given birth to an online marketplace of stolen payment card numbers that thieves can buy individually or in bulk. Some of those numbers have been rendered useless by reporting or have incomplete information, but scammers will often try a series of card numbers until one works. Restricting the number of allowable transaction attempts can thwart that sort of “brute force” attempt at fraud.

Keep Track of Suspicious Card Numbers

Retain a log of suspicious card numbers. Most payment card processing companies allow vendors to review attempted transactions, successful or not. Recording and perusing those daily transactions can help identify the sort of attempt described above – if one of the cards went through before the daily transaction limit had been reached.
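The two tips above, an attempt limit and a log of suspicious cards, can be combined in one review pass. This added example (not Payscout's code) replays a constructed attempt log against a per-source limit and reports which cards were tried, and which were approved, before the limit took effect. The record layout, the limit of three attempts, the ten-minute window and the card tokens are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def review_attempts(attempts, max_attempts=3, window=timedelta(minutes=10)):
    """Apply a per-source attempt limit and log what got through before it.

    attempts: iterable of (iso_timestamp, source, card_token, approved) in
    time order. Returns {source: report} for every source that hit the limit.
    """
    recent = defaultdict(deque)   # source -> timestamps still inside the window
    seen = defaultdict(list)      # source -> (card_token, approved) let through
    reports = {}
    for ts, source, card, approved in attempts:
        now = datetime.fromisoformat(ts)
        q = recent[source]
        while q and now - q[0] > window:
            q.popleft()           # forget attempts older than the window
        if len(q) >= max_attempts:
            report = reports.setdefault(source, {
                "blocked_from": ts,
                "blocked": 0,
                "cards_tried": sorted({c for c, _ in seen[source]}),
                "approved_before_block": sorted(
                    {c for c, ok in seen[source] if ok}),
            })
            report["blocked"] += 1
            continue              # over the limit: reject without processing
        q.append(now)
        seen[source].append((card, approved))
    return reports

# Constructed sample: the log holds card tokens, never full card numbers.
SAMPLE_ATTEMPTS = [
    ("2018-06-01T12:00:00", "203.0.113.7", "tok_a1", False),
    ("2018-06-01T12:00:05", "198.51.100.4", "tok_z9", True),
    ("2018-06-01T12:00:20", "203.0.113.7", "tok_b2", False),
    ("2018-06-01T12:00:41", "203.0.113.7", "tok_c3", True),
    ("2018-06-01T12:01:02", "203.0.113.7", "tok_d4", False),
    ("2018-06-01T12:01:30", "203.0.113.7", "tok_e5", False),
    ("2018-06-01T12:30:00", "198.51.100.4", "tok_z9", True),
]

if __name__ == "__main__":
    for source, report in review_attempts(SAMPLE_ATTEMPTS).items():
        print(source, report)
```

In the sample, the third card from 203.0.113.7 was approved before the limit was reached, so it appears under approved_before_block and is the transaction to review.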

Keep Your Digital Fortress in Good Repair

Payscout provides vast, dependable security measures (such as encryption and tokenization services) to protect all financial information in a merchant’s database, fraud-protection and security specialists that handle automated screening and manual review, and a variety of check and card protection and verification services. Payscout also offers services ranging from local non-profit payment processing to global payment processing from multinational corporations. But their expertise and resources can only help so much if your firewall, anti-virus, anti-malware, anti-spyware, etc. protection has lapsed, is lax, or is not present.

Don’t Mix Business with Personal

There are a number of good reasons for having separate, dedicated hardware, software, and devices for business and personal use. For one, using one device and/or system for your business and personal computing can result in frustrating confusion—particularly if your personal computing includes personal finances. But more importantly, if you have everything in one place and do get hacked, you risk losing everything. Be safe!

Protect your business’s future and secure its continuing growth and success at www.payscout.com.