25 November 2017
visit www.avoka.com

Charge Anywhere breach puts unencrypted card data at risk

11 December 2014  |  6788 views  |  0 Computer virus

US mobile payments outfit Charge Anywhere has admitted that malware has been lurking on its network for five years, putting unencrypted payment card data at risk.

The firm says that, after being asked to investigate fraudulent charges on cards, in September it discovered that crooks gained access to its network and installed the malware, which was used to capture segments of outbound traffic.

"Much of the outbound traffic was encrypted. However, the format and method of connection for certain outbound messages enabled the unauthorised person to capture and ultimately then gain access to plain text payment card transaction authorisation requests," says a statement.

These authorisation requests included names, account numbers, expiration dates and verification codes.

Charge Anywhere says that, although the person behind the attack had the ability to capture the network traffic as far back as November 2009, its investigations have only found evidence of data being taken between August and September this year.

The company has posted a searchable list of merchants that may have been affected and is advising people who may have shopped at them to check their account statements and inform their banks if they notice any unusual transactions.

It insists that the malware has been removed and that the problem did not affect any system or device at merchant locations, nor did it affect the systems of any ISO, processor, or other service providers.
KeywordsCARD FRAUD

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Retailer bebe suffers card security breach

Retailer bebe suffers card security breach

05 December 2014  |  7871 views  |  0 comments | 3 tweets | 3 linkedin
Target fails to get bank lawsuit dismissed

Target fails to get bank lawsuit dismissed

03 December 2014  |  6413 views  |  0 comments | 6 tweets | 9 linkedin
Crook dumps Target card details on Russian forum

Crook dumps Target card details on Russian forum

17 October 2014  |  8223 views  |  0 comments | 6 tweets | 5 linkedin
Kmart joins retailer hall of infamy following eftpos hack

Kmart joins retailer hall of infamy following eftpos hack

13 October 2014  |  5242 views  |  0 comments | 1 tweets | 6 linkedin
Russian faces further counts in POS hacking case

Russian faces further counts in POS hacking case

10 October 2014  |  6853 views  |  0 comments
US supermarket chain Supervalu confirms network hit by 'criminal intrusion'

US supermarket chain Supervalu confirms network hit by 'criminal intrusion'

15 August 2014  |  7737 views  |  0 comments | 6 tweets | 8 linkedin

Related blogs

Create a blog about this story (membership required)
visit www.response.ncr.comvisit www.capgemini.comvisit www.solutions.lexisnexis.com

Top topics

Most viewed Most shared
Sepa instant payments goes liveSepa instant payments goes live
10972 views comments | 46 tweets | 79 linkedin
ING brings data privacy to blockchain transactionsING brings data privacy to blockchain tran...
9533 views comments | 25 tweets | 37 linkedin
hands typing furiouslyHow Fintech Companies are disrupting the C...
8198 views 0 | 20 tweets | 9 linkedin
Axis Bank uses Ripple to open new payment corridors between the UAE and SingaporeAxis Bank uses Ripple to open new payment...
8138 views comments | 8 tweets | 22 linkedin
UK Open Banking expanded to cover all PSD2 productsUK Open Banking expanded to cover all PSD2...
7824 views comments | 21 tweets | 47 linkedin

Featured job

Find your next job