Cybersecurity firm iSight Partners is warning about a new type of malware it has identified as ModPOS, which stands for “Modular point of sale” that can be used to hack into the credit and debit card processing machines of retailers with an unprecedented level of sophistication that makes it incredibly difficult to defend against. It is believed that many retailers have already been hacked and are merely not yet aware of this fact. The hacking appears to have originated in Eastern Europe. Unlike older versions of malware used to steal credit and debit card information from retailers, this strain of malware appears to be capable of stealing much more information from the targeted companies. It can be expected that the effects of this malware attack will become apparent after the holiday shopping season when the harvested data is anticipated to be sold on black market websites to other criminals.
Obviously, retailers still using the old magnetic strip technology are in much greater danger than those using the more secure EMV chip card technology, however even some of the EMV processing equipment is potentially vulnerable to particularly sophisticated attacks that may be able to get the credit card number for use in online purchases.
So what can we do to protect ourselves?
First and foremost, use your credit card rather than your debit card where the laws protecting you from fraudulent use are not as strong. If you have a new EMV card, use it whenever possible, preferably at stores that are equipped to process the card through EMV chip technology and not the magnetic strip with which it also comes equipped. Monitor your credit card statements often to identify if your card has been hacked and report it to your credit card company as soon as possible. Federal law limits your liability for unauthorized credit card purchases to no more than $50 and most credit card issuers will not hold you responsible for any fraudulent charges.