Cybercriminals Repurposing ATM EMV Malware

Using credit and debit cards is convenient for almost everyone. The plastic currency takes away the need to carry large sums of cash. This is probably the main reason paying by card has become the preferred method of payment for many people. It is as simple as swiping a card or inserting your chip. The transaction is typically secure, and the credit card company shares some of the liability.

However, as cyber-attacks become more sophisticated, entering a PIN or using a chip may no longer suffice to protect digital assets. In fact, chips may unknowingly be the root cause of spreading malware across multiple point-of-sale (POS) systems. According to Booz Allen Hamilton’s 2019 Cyber Threat Outlook report, hackers have begun installing command-and-control malware on infected EMV device readers. What does this mean? Simply put, using your cards at random ATMs is not advised. Cybersecurity begins with using trusted ATMs.

How Does It Work?

EMV stands for Europay, MasterCard and Visa. It is a global standard for the interoperation of integrated circuit (IC) cards with IC-card-capable point-of-sale terminals and automated teller machines, used to authenticate credit and debit card transactions.

Chip technology was created to add an extra layer of fraud protection during credit card transactions, but criminals have found a way to exploit it. Hackers are planting command-and-control malware in ATM EMVs to compromise credit card information without drawing anyone’s attention. The malware bypasses the chip’s security measures and as a result discloses private data, which allows hackers to successfully rob thousands of people without their knowledge.  

In addition, cybercriminals are using similar botnets to contaminate credit card chips with malware that will spread from one POS system to the next at the swipe of a card. This gives them direct access to large databases filled with hundreds of thousands of card numbers, sales transactions, and customer information. With this data in hand, hackers can disrupt security networks and profit from sales. And with little to no effort required on their end, criminals can sit back and wait as their victims unknowingly infect multiple computer systems. Infecting the ATM EMVs serves a dual purpose. It’s like killing two birds with one stone, and from a hacker’s perspective, that’s genius.

Protecting Yourself

EMV cards are primarily designed to prevent fraudulent transactions that take place when someone physically swipes a counterfeit card at a payment terminal.  And chip card technology works. In countries that have adopted EMV as the standard, certain types of credit card fraud have dramatically declined.

The bad news is that it’s rather difficult to tell whether an ATM has been infected with malware before you insert your card. The good news is that you don’t have to use any random ATMs, unless you’re stuck in the middle of nowhere, but even then, it would be wise to have some cash on you. Trusted bank ATMs are always the way to go. Just because you are in a brand-name hotel, for instance, does not mean the ATM owner is a trusted banking source. This is especially true when you are on that great vacation in the Caribbean or the Far East.

As of right now, there’s not much you can do once your card has been infected with a form of malware.  Aside from shredding it, you should immediately notify your bank if any suspicious activity is reported.  Business owners are advised to implement monitoring systems that allow them to see who, if anyone, is accessing their POS system after hours of operation.  By doing this, any suspicious behavior can be detected and stopped before it has the potential to get out of hand.
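One way a business owner could implement the after-hours check described above, as an added example that is not from the original article: it scans POS access records and flags any that fall outside opening hours, including shifts that run past midnight. The log format, terminal and user names, and opening hours are all assumptions constructed for the illustration.

```python
from datetime import datetime, time

# Assumed opening hours per weekday (0 = Monday). None = closed all day.
# A closing time earlier than the opening time means the shift ends after midnight.
BUSINESS_HOURS = {
    0: (time(8), time(20)), 1: (time(8), time(20)),
    2: (time(8), time(20)), 3: (time(8), time(20)),
    4: (time(10), time(2)), 5: (time(10), time(2)),
    6: None,
}

# Constructed sample log in an assumed format; timestamps are store-local time.
SAMPLE_LOG = """\
2019-03-01T12:15:03 terminal=POS-01 user=cashier1 action=login
2019-03-01T23:40:10 terminal=POS-01 user=manager1 action=login
2019-03-02T01:30:00 terminal=POS-02 user=cashier2 action=refund
2019-03-02T03:12:44 terminal=POS-02 user=svc_backup action=remote_login
2019-03-03T10:05:00 terminal=POS-01 user=cashier1 action=login
malformed line
"""

def is_open(ts):
    """True if ts falls inside opening hours, including past-midnight shifts."""
    today = BUSINESS_HOURS.get(ts.weekday())
    if today:
        start, end = today
        if start <= end and start <= ts.time() < end:
            return True
        if start > end and ts.time() >= start:
            return True
    # Early-morning events may belong to yesterday's shift that ran past midnight.
    prev = BUSINESS_HOURS.get((ts.weekday() - 1) % 7)
    return bool(prev and prev[1] < prev[0] and ts.time() < prev[1])

def after_hours_events(log_text):
    """Return (flagged, unparsed): after-hours events and lines that failed to parse."""
    flagged, unparsed = [], []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        try:
            stamp, *pairs = line.split()
            fields = dict(p.split("=", 1) for p in pairs)
            ts = datetime.fromisoformat(stamp)
        except ValueError:
            unparsed.append(line)  # review these too; do not drop them silently
            continue
        if not is_open(ts):
            flagged.append((ts, fields))
    return flagged, unparsed
```

On the constructed sample, the Saturday 01:30 refund counts as in-hours because Friday's shift runs until 02:00, while the 03:12 remote login and the Sunday login are flagged.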

Chip Technology

Repurposing ATM EMVs is just one example of how cybercriminals exploit technology that is meant to safeguard our digital assets. Unfortunately, there are countless other ways available to them as well. As cyber espionage continues to grow, people around the world stand to lose more every day. Perhaps chip technology experts must go back to the drawing board to create a more secure firewall system to fight against increasingly sophisticated malware attacks. In addition, banks have to do a better job of warning their customers. Suspiciously, they provide theft information related to criminal tactics, but banks are hesitant to let people know there is a chink in the bank-provided chip.