Experts at Kaspersky Lab say that Brazil is home to resourceful and active criminals who specialize in credit card cloning. Unfortunately, they tend to target foreigners who do not know how to protect their cards while withdrawing money from an ATM or paying for drinks in an eatery.
Nevertheless, in the wake of such developments and trends, the specialists have some useful tips for guarding against the most common attacks on ATMs and point-of-sale (PoS) devices in Brazil.
Need of the Hour: Ducking credit card cloning
PoS devices are very common in Brazil: according to the Brazilian Central Bank, credit and debit cards make up 70% of all payments in the country. What’s more, chip-and-PIN cards are accepted by almost all businesses, even by cab drivers.
Despite some recent news about security flaws in the protocol, chip-and-PIN cards are still more secure and harder to replicate than magnetic swipe cards. If you don’t already have this type of card, ask your bank if it’s possible to get one before you travel.
In Europe and North America, many people hand their cards to staff in restaurants and stores without giving it a second thought. In Brazil, this can prove perilous.
Handing over your card gives fraudsters a golden opportunity to duplicate it, and the lure is without a doubt too strong to resist. Ask the staff to bring the electronic payment terminal to you.
Also, be wary of chance encounters or accidents that might take your card out of your reach for an instant. If this happens, check that the card you get back is really yours. If you have any doubts, report it straightaway to the bank.
PoS, PIN-pad malware
The so-called Chupa Cabra malware, also known as Trojan-Spy.Win32.SPSniffer, is a malware family with several variants, developed in Brazil and seen in the wild since 2010. It affects PoS and PIN-pad devices, both of which are very common in the country. These devices are connected to a computer via a USB or serial port so that they can communicate with electronic funds transfer (EFT) software. The Trojan infects the computer and sniffs the data transferred through these ports.
The PIN is encrypted using triple DES. But Track 1 data (credit card number, expiration date, service code and CVV) and the public chip data aren’t encrypted in the hardware of old and obsolete devices. They are sent in plain text to the PC via USB or serial ports. Capturing this data is sufficient to clone a credit card.
Keep a close eye on your credit card statement to check all transactions, and report to your bank immediately if you see something suspicious.
Wherever possible, try to pay using a wireless PoS device; they are a bit safer than the older ones connected to serial or USB ports.
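For merchants and integrators, the cleartext exposure described above can be checked during acceptance testing. The following is an added example, not code from the article or from Kaspersky Lab: it scans a capture of PIN-pad-to-PC traffic for unencrypted Track 1 records and reports only masked card numbers. It assumes the standard ISO/IEC 7813 Track 1 layout; the function names and both sample captures are constructed for illustration.

```python
import re

# ISO/IEC 7813 Track 1 layout: %B<PAN>^<NAME>^<YYMM><service code><discretionary>?
TRACK1 = re.compile(rb"%B(\d{12,19})\^([^\^]{2,26})\^(\d{4})(\d{3})([^?]*)\?")


def luhn_ok(pan: str) -> bool:
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """Keep only first six and last four digits so reports hold no full PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def audit_capture(buf: bytes) -> list:
    """Return one masked finding per cleartext Track 1 record in the capture."""
    findings = []
    for m in TRACK1.finditer(buf):
        pan = m.group(1).decode("ascii")
        if not luhn_ok(pan):
            continue
        findings.append({
            "offset": m.start(),
            "pan_masked": mask(pan),
            "expiry_yymm": m.group(3).decode("ascii"),
            "service_code": m.group(4).decode("ascii"),
            "discretionary_bytes": len(m.group(5)),
        })
    return findings


# Constructed captures. 4111111111111111 is a widely used test number, not a real card.
LEAKY = (b"\x02STATUS OK\x03"
         b"%B4111111111111112^DECOY/BADLUHN^30121010000000000?"
         b"%B4111111111111111^TEST/CARDHOLDER^30121010000000000?\r\n")
HARDENED = b"\x02STATUS OK\x03" + bytes.fromhex("9f3a71c2e05b8d14a6f07723bb90cd5e")

if __name__ == "__main__":
    for name, cap in (("legacy PIN pad", LEAKY), ("encrypting PIN pad", HARDENED)):
        hits = audit_capture(cap)
        print(name, "->", "FAIL" if hits else "pass", hits)
```

Any finding means the device is sending card data to the PC unencrypted, which is the condition the Trojan relies on.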
Making Use of ATMs in Brazil
Brazil has 118 ATMs per 100,000 adults, according to the World Bank, placing it ninth in the world in terms of ATM numbers. This presents lots of opportunities for fraudsters to set up skimmers, also known as “Chupa Cabra” devices.
Use your hand to cover the keypad while you enter your PIN; it is an effective way to defeat most skimmers, which tend to rely on hidden cameras.
If you see something that doesn’t look right, inform the bank or the proprietor of the machine, and go somewhere else to take out your cash.
“Be cautious while using ATMs or paying with your credit card. Don’t forget that cybercriminals in Brazil perform their malicious schemes all the time. Even during the day you can see them hanging out, wearing flip-flops and beachwear while installing skimmers in a crowded bank. Also remember that it’s far more secure if your transactions happen right in front of you. Be careful of chance encounters or accidents which might take your card out of reach for a moment. If that happens, check that the card you get back is really yours. If you have any doubts, immediately report the incident to the bank,” said Fabio Assolini, Senior Security Researcher with Kaspersky Lab’s Global Research & Analysis Team.