Visa International has warned retailers that keylogging malware hidden in card-reading terminals is on the rise.
The problem appears to be exacerbated by the fact that most EPOS tills are Windows-powered.
In an article at InfoSecurity, Mickey Boodaei says:
"Consumers, meanwhile, should also take precautions against keyloggers, says Boodaei, as criminals are increasingly targeting payment card information on the Internet.
Many malware variants, he explained, collect card data as customers type it in while making a purchase online. In addition, more sophisticated malware can also change payment pages on websites asking for additional card and personal information.
"Our research team have also come across malware variants that steal card information when you log onto your bank account. They frequently change the login page to request your card information and then send this information on to the criminals", he said.
According to Boodaei, the increasing sophistication of cybercriminals looking to rip off retailers, as well as their card-carrying customers, is a problem that will not go away because, as existing avenues of card fraud are closed off, cybercriminals will attempt to open new ones up.
"Unfortunately, keyloggers are an ideal vehicle for card fraud, as they allow fraudsters to radiate trojans out via sophisticated bulk emailers and sit back for unwary recipients to click on the links and unwittingly install the keylogging malware on their Windows-driven machines", he said.
"Consumers can do their part by installing a browser add-in such as Trusteer's Rapport software, which is offered as a free download by banks such as HSBC, RBS/NatWest and the Santander Group. Retailers, meanwhile, should contact their till terminal supplier for advice on their own IT security options", he added.