Visa has warned its customers to be aware of the increased risk posed by key-logging trojans.
The credit card company claimed in recent weeks it had seen a rise in this technique, which obtains information from victims through software that captures and records their keystrokes.
The particular malware affecting Visa payment systems sends payment card data to a fixed IP address or email that the hacker can then access and use as he or she sees fit.
"In these instances, the hacker is able to install key logger malware on the point of sale (POS) system due to insecure remote access and poor network configuration," Visa said in a statement.
Visa admitted that key loggers can be difficult to detect but has recommended a list of security measures for retailers using the system to take on board as a precautionary measure.
These include removing unnecessary remote access, implementing a secure network configuration, regularly observing which software is installed and ensuring anti-virus is kept up-to-date.
Although Visa blames poor practice for the success of key logging, another security firm has put this rise down to the increase in Windows-based payment terminals, leaving systems open to the type of malware a home or office PC could get infected with.
"Trojan-driven keylogger attacks have been on the rise for home and office PC users for some time, but companies and home users are getting wise to the problem and are installing IT security software on their machines," said Mickey Boodaei, chief executive of Trusteer.
"For retailers, however, the problem is more complex, as many of their terminals are subject to leasing and maintenance contracts, meaning that they tend to rely on the supplier/maintained for their IT security protection."
-
Asus ZenScreen Fold OLED MQ17QH reviewReviews A stunning foldable 17.3in OLED display – but it's too expensive to be anything more than a thrilling tech demo
-
How the UK MoJ achieved secure networks for prisons and offices with Palo Alto NetworksCase study Adopting zero trust is a necessity when your own users are trying to launch cyber attacks
-
CronRat Magecart malware uses 31st February date to remain undetectedNews The malware allows for server-side payment skimming that bypasses browser security
-
Mekotio trojan continues to spread despite its operators’ arrestsNews Hackers have used it in 100 more attacks since arrests
-
“Trojan Source” hides flaws in source code from humansNews Organizations urged to take action to combat the new threat that could result in SolarWinds-style attacks
-
What is Emotet?In-depth A deep dive into one of the most infamous and prolific strains of malware
-
Fake AnyDesk Google ads deliver malwareNews Malware pushed through Google search results
-
Hackers use open source Microsoft dev platform to deliver trojansNews Microsoft's Build Engine is being used to deploy Remcos password-stealing malware
-
Android users told to be on high alert after Cerberus banking Trojan leaks to the dark webNews The source code for the authenticator-breaking malware is available for free on underground forums
-
Qbot malware surges into the top-ten most common business threats
News An evolved form of the banking Trojan was distributed by number one-ranking Emotet in a campaign that hit 5% of businesses globally
