3.2 million debit cards issued by some of India’s largest banks were exposed to a malware-induced security breakdown around mid-2016, making it one of India’s largest data security breaches. Malware that could damage ATM systems was injected into the ATM payment service machine, which permitted unauthorized persons to access the credentials of users. The NPCI (National Payments Council of India), an umbrella organization facilitating retail payments, warned banks that unauthorized transactions were being generated from China and the USA. SISA, a security auditing firm, reported that a sophisticated injection of malware (a piece of malicious software code) in the Hitachi Payments Services Systems led to the compromise of the details of these debit cards.
Later in September, banks again reported transactions to the company after which an external audit agency, SISA Information Security was called to conduct a forensic audit on the case. (Source: Deccan Herald, Oct 20, 2016)
SISA completed its final assessment report on the breach of security protocols, which led to the potential compromise of debit cards between May 21 and July 11, 2016. SISA’s report pointed to a sophisticated injection of malware (a piece of malicious software code) in the Hitachi Payments Services systems, which could compromise the details of these debit cards. The code was written in such a manner that it concealed its traces during the compromise period. “While behavior of the malware and the penetration into the network has been deciphered, the amount of data exfiltrated during the above compromise period is unascertainable due to secure deletion by the malware” said Loney Anthony. (Source: Press Release by Hitachi Payment Services).
The Reserve Bank of India has been asking banks to enhance their digital security and the Hitachi statement comes a day after the central bank announced formation of an inter-disciplinary standing committee on cyber-security to review threats, study security standards and suggest appropriate policy interventions. (Source: Press Trust of India, 09 Feb 2017)
Method
Working of ATM network
ATM systems of most of the banks in the country are delegated to third parties who supply the ATM machine and the
Modern-day technology has changed the ways in which people purchase products and services. In the twenty-first century, pretty much all business has converted over to electronic payment systems. One swipe of a credit card and the data is immediately transmitted through a gateway to the payee's bank processing link. However, it is during this transmission of data that more than forty-three million people’s debit or credit card information becomes compromised. Many of these computer programs assume the title of Hackers. A hacker is one who installs malicious software onto individuals' computers or computer networks in hopes of gaining unauthorized access to sensitive information on the victim's computer.
Between March and July of this year, suspected hackers were able to access payment card data for customers at a number of Hyatt hotels located in China, Brazil, United States, India, Japan, Malaysia and a few other countries. In all, a total of 41 properties across 11 countries were affected by the breach.
Security alert programs, scanning services, or software can be used to warn the merchant of any vulnerable information. Software can be installed to recognize any modification by unauthorized personnel. Also, as mentioned before, vendor-supplied security patches must be installed within one month to avoid exposing cardholder data. Furthermore, all information being transmitted must be encrypted when using public networks. Network and platform vulnerabilities can also be assessed by a vulnerability scan. A vulnerability scan involves an automated tool that checks a merchant or service provider’s systems for vulnerabilities (pcicomplianceguide.org, 2015). The tool will conduct a non-intrusive scan to remotely review networks and Web applications based on the external-facing Internet protocol addresses provided by the merchant or service provider (pcicomplianceguide.org, 2015). The scan identifies vulnerabilities in operating systems, services and devices that could be used by hackers to target the company’s private network (pcicomplianceguide.org, 2015). As provided by an Approved Scanning Vendor (ASV) such as ControlScan, the scan does not require the merchant or service provider to install any software on their systems, and no denial-of-service attacks will be performed
An unauthorized and highly sophisticated malware that had not been encountered previously by any security company attacked the point-of-sale systems where all the card information is stored. The impact of this hack has been extensive: millions of customers’ personal and payment data was exposed, resulting in the payment card compromise of three million customers.
The intriguing thing about the TJX incident is that TJX lost the Visa information of 96 million buyers (around 29 million MasterCard victims and 65 million Visa victims). The cost, on the whole, had to be borne by the issuers of the cards. From a business point of view, the scandal appears not to have adversely affected TJX. It may matter to customers who became victims of identity fraud and to the banks that have to cover the fraudulent use of card numbers, yet it has not affected TJX. Since TJX lost claims by banks, it seems to have confirmed the often held (but mistaken) belief that protective measures are unimportant, and that the minimal amount ought to be spent on them.
However, the breach occurred a long time ago but went unrecognized. They suspected that this might be the same malware used during the Target data heist. Furthermore, the hackers injected the system with malware called BlackPoS (Point of Sale). This software cannot be detected as it masquerades as a genuine service. This malware scrapes the entire RAM and also keeps track of all data from the running processes. Later it transfers the entire
In December 2013, Target was the victim of a cyber-attack and data breach. Target is a widely known retailer that has millions of consumers flocking every day to the retailer to partake in the store's wonders. The Target Data Breach is now known as the largest data breach/attack, surpassing the TJX data breach in 2007. “The second-biggest attack struck TJX Companies, the parent company of TJMaxx and Marshall’s, which said in 2007 that about 45 million credit cards and debit cards had been compromised.” (Timberg, Yang, & Tsukayama, 2013) The data breach that occurred at Target was a strong swift kick to the guts not only to the retailer/corporation, but to employees and consumers. The December 2013 data breach exposed Target in a way that many
Three different areas of vulnerability were identified as a result of this data breach. The hackers were able to take advantage of these vulnerabilities and use them to gain the valuable and trusted private information that customers of TJX Companies, Inc. retail stores had entrusted to them.
A single data breach can severely impact a company’s reputation as well as their ability to conduct business in the future. For merchants that process, store and transmit credit card information, PCI DSS has never been more important.
Over 40 million people have been victims of the breach. Information of these people may have included names, mailing addresses, phone numbers or email addresses, along with other information. There were multiple instances of fraud, where customers realized some of their cards might have been sold on the black market.
PoSeidon is malware that is aimed at exploiting PoS machines to illegally obtain customers’ debit card and credit card information. The two biggest victims of PoSeidon have been Target, who was attacked in 2013 and lost information of up to 110 million customers (Alaimo, 2015), and Home Depot in 2014 that lost up to 56 million records (Krebs, 2014). This malware is a serious threat to every business that uses POS machines to conduct business. PoSeidon attacks a part of the POS machine that many people did not recognize was a potential vulnerability. According to Lucian Constantin, the PoSeidon malware used a method called “memory scraping”, which scanned the Random Access Memory (RAM) for credit and debit card information that was not encrypted. With the information sitting on the RAM of the PoS machine unencrypted, it was wide open to an attack that put millions of customers’ information at risk. Although RAM only stores the information for a limited amount of time until that space is needed for another task, the information can stay on the RAM long enough for the
It is likely that the huge number of card breaches at U.S.-based organizations over the past year represents a response by fraudsters to upcoming changes in the United States designed to make credit and debit cards more difficult and expensive to counterfeit. Non-chip cards store cardholder data on a magnetic stripe, which can be trivially copied and re-encoded onto virtually anything else with a magnetic stripe.
Our company has worked with other retail establishments and is familiar with credit card transaction equipment and requirements. With the new chip requirements used with credit card transactions, our own Jose Pagliery was the first to publicly identify all the vulnerabilities in the equipment and vendors. Trustwave admitted “that keeping the credit machines is safe is low on a store’s list of priorities” (Pagliery, 2015). Even Verifone tried to publicly say that the issues of the article were not a vulnerability by itself. However, we have learned that Verifone has changed their security procedures because of the article.
Point-of-sale terminals infected, resulting in massive breaches. Another trend, point-of-sale (PoS) based malware, has been the principal contributor to Mastercard breaches in the previous four years, starting with Target and Home Depot. These breaches were the first to bring this trend to light and to show that cybersecurity experts needed to stay alert and careful. This trend, the targeting of point-of-sale terminals, is a result of a couple of questionable factors. According to Chester Wisniewski, principal research scientist at Sophos, PoS sellers, "instead of attempting to secure PoS terminals and programming accurately, just disregard the issue and let the traders turn into the casualties" (Winder, 2016, para. 4). Moreover, he addresses the fact that most merchants who manage and sell terminals have not tried to update their security for over 20 years
Worldwide credit and debit card fraud resulted in losses amounting to $16.31 billion during the year 2014. The United States has been disproportionately affected by this fraud, due to its lack of adoption of the EMV Chip security measure. According to the 2012 Nilson Report, American card issuers lost $3.4 billion and merchants lost another $1.9 billion. America makes credit card fraud easy for fraudsters by still relying on cards with magnetic stripes, which are less secure than EMV Chip enabled transactions.