Department of Homeland Security warns retailers of 'Backoff' POS malware

By Himanshu Arora ยท 9 replies
Aug 1, 2014
Post New Reply
  1. The Department of Homeland Security yesterday issued an alert about a point-of-sale malware that was used in a string of recent attacks by cyber criminals. Dubbed Backoff, the malware has been witnessed on at least three separate forensic investigations since...

    Read more
  2. cmbjive

    cmbjive TS Booster Posts: 777   +138

    I'm glad that the DHS is warning us about cyberattacks. Now how about they do a better job of warning us when illegals cross the border?
  3. Two things:

    1. This type of thing will continue to happen until the PCI and retailers pull their heads out of their backsides, abandon magnetic strip technology, and implement chip + PIN payment systems. Find a way to stop this particular piece of malware without getting rid of the mag strip, but be prepared for the next compromise. It's an easy target with a great payoff. Make it a harder target with no payoff. The chip doesn't make the private data accessible to even the reader, so there's no way to copy it -- and therefore there is no point in putting malware anywhere in the system.

    2. Did anyone actually look at the picture before using it for this article? No malware got that person's card, since it's going through the reader upside down!
  4. They failed at that hundreds of years ago when then let the white man in. At least now, people with at least some blood of the original inhabitants of this land are coming back to help fight off those invaders from years past!
  5. Good point, I am travelling in Canada now and they have already required all to switch to the chip/pin method, no magnetic swipes. When I bring my US credit card to places they look at me funny when I tell them it has to be swiped...

    It also solves other issues since the new system uses the portable card readers that you enter your pin on. It is silly if you think about how it is still done in the US; you give your card to some stranger who then takes it out of sight and could do anything. Like in restaurants in the US I still hear about servers modifying tip amounts to give themselves more. That problem is eliminated with chip...
  6. captaincranky

    captaincranky TechSpot Addict Posts: 13,005   +2,532

    Frankly, I don't see where Hispanic people crossing the US border from Mexico and points south, has anything to do with , "the original inhabitants of these lands". Since the Spanish Conquistadors stole all of those lands from their "original inhabitants", in the first place.

    If you want to spout sh!t, or reply off topic, to already off topic nonsense, at least get your facts straight.:mad:(n)
  7. Interesting article, best practices in Cyber Security are often hard to identify , I would encourage you to read how companies like OPSWAT are advancing multi-scanning applications to the front lines
  8. Greg S

    Greg S TechSpot Staff Posts: 1,070   +427

    That problem still exists. It's a pre-authorized transaction. The waiter/waitress swipes your card to temporarily store the data on it, and then they give the card back to you and you leave. After you leave, they come to the table, pick up the receipt and key in the tip amount. This is then charged to your card and it's already authorized from when the card was swiped before. Regardless of what technology is used, if pre-authorized transactions exist (which is dependent upon specific card readers and POS software associated with the reader), it's still possible to change the amounts to charge to the card without the card owner knowing.
  9. The switch to chip and pin starts next year by the way.
  10. What kind of 4th world country are you all living in?

    This is nonsense where I come from where we use chips+pins (Chile).

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...