The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: Point-of-sale system

How Hackers Can Hack Your Chip-and-PIN Credit Cards

How Hackers Can Hack Your Chip-and-PIN Credit Cards

October 21, 2015Khyati Jain
October 1, 2015, was the end of the deadline for U.S. citizens to switch to Chip-enabled Credit Cards for making the transactions through swipe cards safer. Now, a group of French forensics researchers have inspected a real-world case in which criminals played smart in such a way that they did a seamless chip-switching trick with a slip of plastic that it was identical to a normal credit card. The researchers from the École Normale Supérieure University and the Science and Technology Institute CEA did a combined study of the subject, publishing a research paper [ PDF ] that gives details of a unique credit card fraud analyzed by them. What's the Case? Back in 2011 and 2012, police arrested five French citizens for stealing about 600,000 Euros (~ $680,000) as a result of the card fraud scheme, in spite of the Chip-and-PIN cards protections. How did the Chip-and-Pin Card Fraud Scheme Work? On investigating the case, the researchers discovered that the n
BrutPOS Botnet Compromises insecure RDP Servers at Point-of-Sale Systems

BrutPOS Botnet Compromises insecure RDP Servers at Point-of-Sale Systems

July 10, 2014Swati Khandelwal
Cyber criminals are infecting thousands of computers around the world with malware and are utilizing those compromised machines to break into Point-of-Sale (PoS) terminals using brute-force techniques, and the attackers have already compromised 60 PoS terminals by brute-force attacks against poorly-secured connections to guess remote administration credentials, says researchers from FireEye. The new botnet campaign, dubbed as BrutPOS , aims to steal payment card information from the POS systems and and other places where payment data is stored, by targeting Microsoft Remote Desktop Protocol (RDP) servers that were disgracefully using poorly secured and simple passwords. Due to the better track inventory and accuracy of records, the Point-of-sale (POS) machine is used worldwide and it can be easily set-up, depending on the nature of the business. But, Point-of-sale (POS) systems are critical components in any retail environment and the users are not aware of the emerging
POS Machine Vendor Warns of Possible Payment Card Breach at Restaurants

POS Machine Vendor Warns of Possible Payment Card Breach at Restaurants

July 03, 2014Swati Khandelwal
Due to the better track inventory and accuracy of records, Point-of-sale (POS) systems are being used in most of the industries including restaurants, lodging, entertainment, and museums around the world. It can be easily set-up depending on the nature of the business. Despite that, Point-of-sale (POS) systems are critical components in any retail environment and users are not aware of the emerging threats it poses in near future. So, it is one of the apparent target for cybercriminals and the recent security breach at Information Systems & Suppliers (ISS) proves this. Information Systems & Suppliers (ISS) Inc., the vendor of point-of-sale (POS) electronic cash registers and security systems used by restaurants has warned its customers that it may have experienced a payment card breach. HACKERS COMPROMISED VENDOR’S LogMeIn SERVICE The company on June 12 notified restaurant customers of its remote-access service, the popular LogMeIn, had been compromised
Registry Hack: Get Windows XP Security Updates until 2019

Registry Hack: Get Windows XP Security Updates until 2019

May 26, 2014Wang Wei
Microsoft ended its support for Windows XP officially more than a month ago on April 8, 2014 . This made a large number of users to switch to the latest version of Windows, but still a wide portion of users are using Microsoft oldest and most widely used operating system, despite not receiving security updates. While some companies and organizations who were not able to migrate their operating system’s running Windows XP to another operating system before the support phase ended, are still receiving updates by paying Microsoft for the security patches and updates. Now a relatively simple method has emerged as a trick for the XP users which makes it possible to receive Windows XP security updates for the next five years i.e. until April 2019. It makes use of updates for Windows Embedded POSReady 2009 based on Windows XP Service Pack 3, because the security updates which are being released for POSReady 2009 are inevitably the same updates Microsoft would have rolled out
New Point-of-Sale Malware Compromises 1,500 Devices Worldwide

New Point-of-Sale Malware Compromises 1,500 Devices Worldwide

May 24, 2014Mohit Kumar
In past few months, the malware developers are more focusing on proliferating and upgrading malicious malwares to target Point-of-Sale (POS) machines. Due to the lack of concern and security measures, point-of-sale (POS) systems have become an attractive target for cybercriminals and malware writers. BlackPOS malware caused massive data breaches in various US retailers targeting POS machines and the largest one is TARGET data breach occurred during the last Christmas holidays. The third-largest U.S. Retailer in which over 40 million Credit & Debit cards were stolen, used to pay for purchases at its 1500 stores nationwide in the U.S. Neiman Marcus, Michaels Store were also targeted involving the heist of possibly 110 million Credit-Debit cards, and personal information. BlackPOS malware was embedded in point-of-sale (POS) equipment at the checkout counters to collect secure data as the credit cards were swiped during transactions. Now the latest one is the ‘ Nemanj
Pre-Play Vulnerability Allows Chip-and-PIN Payment Card Cloning

Pre-Play Vulnerability Allows Chip-and-PIN Payment Card Cloning

May 20, 2014Mohit Kumar
In March this year, we reported that the major card distributor companies, VISA and Mastercard are migrating to EMV chip cards , also known as PIN-and-Chip cards. Unlike traditional magnetic stripe payment cards, EMV chip cards generates a unique code for every transaction, making it nearly* impossible for criminals to use the card for counterfeit fraud. But Nothing is perfectly secure, even not the PIN-and-Chip based payment cards. All anti-cloning theories were already proven wrong, when a group of researchers found a way to hack the Credit and Debit cards based on the latest Chip-and-Pin technology. Back in 2012, we reported about a research paper entitled “ Chip and Skim: cloning EMV cards with the pre-play attack ” published ( old paper ) by team of researchers from the University of Cambridge, UK, who demonstrated that Chip and PIN payment card systems are also vulnerable to Card Cloning. The same team of researchers presented their EVM related research last Mond
Book Review: Hacking Point of Sale, In-Depth Study on Payment Applications

Book Review: Hacking Point of Sale, In-Depth Study on Payment Applications

May 20, 2014Swati Khandelwal
Point-of-sale (POS) is the hottest topic in payment structures and its one of the most popular technology topics as well. A Point-of-sale (POS) machine is a computerized replacement for a cash register. It has ability to quickly process a customer's transaction, accurately keep the records, process credit and debit cards , connect to other systems in a network, and manage inventory. A basic POS system would consist of a computer as its core part provided with application specific programs for the particular environment in which it will serve, along with a cash drawer, barcode scanner, receipt printer and the appropriate POS software. Point-of-sale (POS) terminals are used in most industries that have a point of sale such as a service desk, including restaurants, lodging, entertainment, and museums. Due to the better track inventory and accuracy of records, the Point-of-sale (POS) machine is used worldwide and it can be easily set-up, depending on the nature of the busi
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.