19 February 2018
visit www.nextgenbanking.co.uk/

Charge Anywhere breach puts unencrypted card data at risk

11 December 2014  |  6858 views  |  0 Computer virus

US mobile payments outfit Charge Anywhere has admitted that malware has been lurking on its network for five years, putting unencrypted payment card data at risk.

The firm says that, after being asked to investigate fraudulent charges on cards, in September it discovered that crooks gained access to its network and installed the malware, which was used to capture segments of outbound traffic.

"Much of the outbound traffic was encrypted. However, the format and method of connection for certain outbound messages enabled the unauthorised person to capture and ultimately then gain access to plain text payment card transaction authorisation requests," says a statement.

These authorisation requests included names, account numbers, expiration dates and verification codes.

Charge Anywhere says that, although the person behind the attack had the ability to capture the network traffic as far back as November 2009, its investigations have only found evidence of data being taken between August and September this year.

The company has posted a searchable list of merchants that may have been affected and is advising people who may have shopped at them to check their account statements and inform their banks if they notice any unusual transactions.

It insists that the malware has been removed and that the problem did not affect any system or device at merchant locations, nor did it affect the systems of any ISO, processor, or other service providers.
KeywordsCARD FRAUD

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Retailer bebe suffers card security breach

Retailer bebe suffers card security breach

05 December 2014  |  7957 views  |  0 comments | 3 tweets | 3 linkedin
Target fails to get bank lawsuit dismissed

Target fails to get bank lawsuit dismissed

03 December 2014  |  6452 views  |  0 comments | 6 tweets | 9 linkedin
Crook dumps Target card details on Russian forum

Crook dumps Target card details on Russian forum

17 October 2014  |  8372 views  |  0 comments | 6 tweets | 5 linkedin
Kmart joins retailer hall of infamy following eftpos hack

Kmart joins retailer hall of infamy following eftpos hack

13 October 2014  |  5294 views  |  0 comments | 1 tweets | 6 linkedin
Russian faces further counts in POS hacking case

Russian faces further counts in POS hacking case

10 October 2014  |  6950 views  |  0 comments
US supermarket chain Supervalu confirms network hit by 'criminal intrusion'

US supermarket chain Supervalu confirms network hit by 'criminal intrusion'

15 August 2014  |  7802 views  |  0 comments | 6 tweets | 8 linkedin

Related blogs

Create a blog about this story (membership required)
visit www.swift.com/your-needs/instant-paymentsVisit https://www.capgemini.comvisit www.ebaday.com

Top topics

Most viewed Most shared
Saudi central bank provides sandbox for banks to try out Ripple techSaudi central bank provides sandbox for ba...
11293 views comments | 16 tweets | 12 linkedin
ABN Amro moves escrow accounts to the blockchainABN Amro moves escrow accounts to the bloc...
8849 views comments | 15 tweets | 13 linkedin
ECB launches staunch defence of cashECB launches staunch defence of cash
8741 views 10 comments | 22 tweets | 26 linkedin
Aussie real-time payments platform goes liveAussie real-time payments platform goes li...
8714 views comments | 15 tweets | 43 linkedin

Featured job

Find your next job