Visa’s Payment Fraud Disruption (PFD) team recently determined that seven point-of-sale breaches reported since March 2018 in North America were linked to the exact same malware file hash, now known as the “PwnPOS” File.
PwnPOS is a point-of-sale (POS) malware file that was first identified back in 2015, but there are indications it may have been active as early as 2013. From 2016 to 2017, there were only a few reported instances of PwnPOS infections, but that number increased significantly in 2018. Visa’s PFD team discovered that each of the malware files recovered from the 2018 breaches was the same across all instances, which means the PwnPOS malware family is easily identifiable.
There are three main attributes of the PwnPOS malware:

1) A component that adds or removes itself from a list of system services
2) This component enables the malware to avoid detection and persist on a targeted machine
3) The malware installs a RAM scraper that monitors for keyboard inputs containing a string of numbers

Once those keyboard inputs are scraped, the malware checks the string of numbers against the Luhn algorithm (a formula used to validate identification numbers) to determine if it is a credit card number. If the numbers pass the check, the malware extracts the compromised data.
To identify the presence of the PwnPOS malware, Payscout recommends scanning your networks for the following indicators of compromise:
The indicators above correspond to the RAM scraper component of the PwnPOS malware. The seven cases Visa’s PFD team identified in 2018 had additional PwnPOS file attributes, but the RAM scraper component was consistently present in all instances, making it the most reliable indicator of compromise available.
Visa recommends the following best practices to reduce the risk of exposure: