The National Commission for the Protection and Defense of Users of Financial Services (Condusef) has issued a fraud alert aimed at businesses that use Point of Sale Terminals (POS) to carry out credit and debit card transactions. The reason for this alert is due to the presence of “malware” that is installed in the POS, allowing the cloning of the data of a bank card with a chip to make purchases online or in other establishments.

According to drivingthe scammers They begin by posing as financial institution personnel, requesting remote access to the terminal from companies or small businesses in order to remotely infect it with a “malware”. Often the request is made under the guise of a “point of sale terminal system upgrade” (of the computer, not the physical card reader).

Once installed the malwarethe scammers can see the transactions made with the cardsintercept them and capture information, including redirecting card data to an external server without the business that owns the point of sale terminal or the cardholder noticing.

Among the information that criminals can obtain are the customer’s account number, card, expiration date, type of card and other data of the cardholder. The data obtained is loaded onto a “pigeon card” and, because the malware Allows you to manipulate the verification process of the cardholder’s authenticity, any number can be considered valid with a PIN. This allows the cloned card to be used for any type of purchase, be it in POS or online shopping.

Condusef alerts businesses

For this reason, the driving calls on businesses that use POS to be alert to this type of fraudulent maintenance or update service calls that seek clone the data of the original cards. Merchants must verify with the financial institution the terms of use of the POS and, before allowing any update, they must contact the corresponding financial institution.

Interpol issued a “purple notice” in September 2018 for the installation of the “prilex malware” in POS for clone credit and debit card details. Therefore, the driving recommends that the owners of establishments follow the following recommendations:

Verify with the financial institution the conditions of use of the Point of Sale Terminal before allowing any update, contact the financial institution.