Researchers with ETH Zurich have identified vulnerabilities in the implementation of the payment card EMV standard that can allow bypassing PIN verification Researchers David Basin, Ralf Sasse, and Jorge Toro-Pozo from the department of computer science at ETH Zurich discovered multiple vulnerabilities in the implementation of the payment card EMV standar

Chip-based credit and debit cards are designed to make it infeasible for skimming devices or malware to clone your card when you pay for something by dipping the chip instead of swiping the stripe. But a recent series of malware attacks on U.S.-based merchants suggest thieves are exploiting weaknesses in how certain financial institutions have implemented th

The Buckle Inc., a clothier that operates more than 450 stores in 44 U.S. states, disclosed Friday that its retail locations were hit by malicious software designed to steal customer credit card data. The disclosure came hours after KrebsOnSecurity contacted the company regarding reports from sources in the financial sector about a possible breach at the ret

The U.S. was not an early adopter of chip-and-PIN credit cards, lagging behind major European countries and others. But more than a year after the official mandatory shift to this technology, the transition has reshaped most credit card transactions. As a result, the rate of credit card fraud is down sharply. Catching Up With Chip-and-PIN Credit Cards The co

Visa this week delayed by three years a deadline for fuel station owners to install payment terminals at the pump that are capable of handling more secure chip-based cards. Experts say the new deadline — extended from 2017 — comes amid a huge spike in fuel pump skimming, and means fraudsters will have another three years to fleece banks and their

Secret Service warns of Periscope Skimming probes, it the first time that law enforcement discovered attacks against ATMs conducted with these devices. The US Secret Service is warning banks and ATM vendors about a new ATM skimmer technology, the so-called ‘periscope skimming.’ The device is composed of a skimming probe that crooks connect to the

The Payment Card Industry Security Standards Council (PCI Council) updates its standard to reduce fraudulent activities against PoS systems. The number of credit card frauds involving Point-of-Sale continues to increase, in the last months, numerous attacks targeted retails and hotels worldwide. The Payment Card Industry Security Standards Council (PCI Counc

Recent local news stories about credit card skimmers found in self-checkout lanes at some Walmart locations reminds me of a criminal sales pitch I saw recently for overlay skimmers made specifically for the very same card terminals. Much like the skimmers found at some Safeway locations earlier this year, the skimming device pictured below was designed to be

A number of credit unions say they have experienced an unusually high level of debit card fraud from the breach at nationwide fast food chain Wendy’s, and that the losses so far eclipse those that came in the wake of huge card breaches at Target and Home Depot. As first noted on this blog in January, Wendy’s is investigating a pattern of unusual

What was the best way to steal cash from an ATM in 2015? Skimming still remains king, but a survey of 87 members of the ATM Industry Association (ATMIA) says that card trapping and transaction reversal fraud are on the rise around the world.In November 2015, ATMIA internally published a survey (PDF) describing the state of ATM hacking in the previous year, f

Retail Risk in 2016 Retail companies did well in 2015. As noted by CNBC, for example, digital sales on Black Friday rose 20 percent from 2014, and in-store purchasing remained strong throughout the holiday season. But the new year brings new challenges. Here’s a retail risk reality check of the top five vulnerabilities expected in 2016. Attacks of Scal

Worried about online fraud? Retailers and consumers both share this concern — and for good reason: According to CSO Online, reporting on a new ThreatMetrix study of Q4 2014 and Q1 2015, fraudulent login attempts reached 25 million per month. What’s more, the security firm says these only include “definitely illegitimate” transactions and wa

In spite of the continual headlines about data breaches, there is a continuous effort to improve the security of credit card transactions by the financial services industry.Banks want to accomplish this to avoid incurring the expenses associated with fraudulent purchases and investigations efforts. Consumers want this, so they don’t have to deal with the has

Ready to get the week started with some of the top news about the InfoSec industry? This week’s edition of the InfoSecond features four stories: how banks have begun to invest in and experiment with Bitcoin and blockchain technology; the utilization of a polymorphic approach for security purposes; what you need to know about the new EMV chip-powered cr

Over the course of the last decade, major credit card companies have begun to implement EMV or “chip and pin” technology. This system requires that a card reader retrieve the customer’s information off of their card’s magnetized chip, which is followed by the cardholder entering in their PIN number.As a result, chip and pin essentiall