16 July 2018
Visit www.avoka.com

Charge Anywhere breach puts unencrypted card data at risk

11 December 2014  |  6959 views  |  0 Computer virus

US mobile payments outfit Charge Anywhere has admitted that malware has been lurking on its network for five years, putting unencrypted payment card data at risk.

The firm says that, after being asked to investigate fraudulent charges on cards, in September it discovered that crooks gained access to its network and installed the malware, which was used to capture segments of outbound traffic.

"Much of the outbound traffic was encrypted. However, the format and method of connection for certain outbound messages enabled the unauthorised person to capture and ultimately then gain access to plain text payment card transaction authorisation requests," says a statement.

These authorisation requests included names, account numbers, expiration dates and verification codes.

Charge Anywhere says that, although the person behind the attack had the ability to capture the network traffic as far back as November 2009, its investigations have only found evidence of data being taken between August and September this year.

The company has posted a searchable list of merchants that may have been affected and is advising people who may have shopped at them to check their account statements and inform their banks if they notice any unusual transactions.

It insists that the malware has been removed and that the problem did not affect any system or device at merchant locations, nor did it affect the systems of any ISO, processor, or other service providers.
KeywordsCARD FRAUD

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Retailer bebe suffers card security breach

Retailer bebe suffers card security breach

05 December 2014  |  8093 views  |  0 comments | 3 tweets | 3 linkedin
Target fails to get bank lawsuit dismissed

Target fails to get bank lawsuit dismissed

03 December 2014  |  6542 views  |  0 comments | 6 tweets | 9 linkedin
Crook dumps Target card details on Russian forum

Crook dumps Target card details on Russian forum

17 October 2014  |  8581 views  |  0 comments | 6 tweets | 5 linkedin
Kmart joins retailer hall of infamy following eftpos hack

Kmart joins retailer hall of infamy following eftpos hack

13 October 2014  |  5379 views  |  0 comments | 1 tweets | 6 linkedin
Russian faces further counts in POS hacking case

Russian faces further counts in POS hacking case

10 October 2014  |  7072 views  |  0 comments
US supermarket chain Supervalu confirms network hit by 'criminal intrusion'

US supermarket chain Supervalu confirms network hit by 'criminal intrusion'

15 August 2014  |  7891 views  |  0 comments | 6 tweets | 8 linkedin

Related blogs

Create a blog about this story (membership required)
Visit www.aciworldwide.comVisit http://go.jumio.com/finextraAdVisit https://secure.vasco.com

Top topics

Most viewed Most shared
Flux ready for take-off on Barclays Launchpad; scores trial with Costa CoffeeFlux ready for take-off on Barclays Launch...
10532 views comments | 4 tweets | 9 linkedin
Handelsbanken trials micro contactless cardsHandelsbanken trials micro contactless car...
9526 views comments | 18 tweets | 30 linkedin
PayPal ready to spend $3bn a year on acquisitionsPayPal ready to spend $3bn a year on acqui...
8085 views comments | 13 tweets | 17 linkedin
Championing financial inclusion and helping the UnstoppablesChampioning financial inclusion and helpin...
8004 views comments | 3 tweets | 1 linkedin
No greater change will occur than that in financial servicesNo greater change will occur than that in...
7626 views comments | 7 tweets | 13 linkedin

Featured job

Basic c Euro 120K, Variable Euro 120K - full ben...
Paris prefered London possible

Find your next job