Tag Archives: Eft POS terminals

Attention South Africa POS Terminals-Dexter Malware on the prowl


The prime disadvantage of eBanking is the speed at which bad viruses can spread. The challenge for law-enforcement is to isolate the virus strain fast enough to develop anti-virus. Computer viruses like viruses in living beings also have variants.

The Dexter Malware is a computer virus which infects computers running Microsoft Windows and was discovered by IT security firm Seculert, in December 2012.


Visa issued an early warning in December 2012. The audience for the warning was Acquirer/Retial Merchant/VisaNet Processor.

Recently, a variant of the Dexter Malware hit the African POS terminals. The malware focused on the POS terminals in fast-food chains like KFC etc. As this respective malware strain was a variant of the original Dexter Malware, it took time to be detected.

In the meanwhile, the damage was occurring in the back-end. As the ‘card verification value’, is not used in Card Present Transactions (CPT), luckily the skimmed data could not be used for Online purchases.

The main targets were the Magstrip cards, and no chip cards were compromised. The cards produced from the malware have been sold and used in both Europe and the US.

It is still not clear as to how the Malware affected the POS Terminals, is it through physical-access attack (for example, by tampering with the credit/debit card reader or sticking a malware-laden USB driver into the POS box while the cashier is distracted or away) or through the internet when employees surf internet.

As the issue has international ramifications, investigation agencies (Interpol and Europol) from around the world are working with The South African Police Service (SAPS), to bring the syndicate or syndicates responsible for the data breach to book.

South Africa’s banking risk intelligence centre, Sabric, is managing the forensic investigation and working with the SAPS, where a case docket has been opened


Australian Credit Card Holders in near future need not Sign anymore on Merchant Slips


MasterCard and Visa in a joint application to the Australian Competition and Consumer Commission have supported PIN only credit card transaction. Both the major card issuers feel that the Signature requirement on Credit Card Slips is the major cause for credit card fraud.

Hence, they have opined that only PIN@POS be adopted to reduce the card fraud. PINs are difficult to be stolen, whereas signatures can easily be forged. Moreover, I am not sure as to how many merchants verify the signature on the card and on the slip. In India, the % is less .05%.

As PIN@POS involves a major infrastructure upgrade, small merchants are very receptive to this idea. Moreover they feel that the transactions volumes might reduce. Mobile eftpos terminals have to be brought or customers have to walk to the cash counter. This should not be a major deterrent, as the mobile eftpos terminals are not that expensive.

However, in India after introduction of an additional factor of authentication for CNP (Card-not-Present) transactions, the value and volume have gone up. Business associations had the same fear, that RBI’s move on CNP transactions would affect eCommerce. But, the Indian consumers are savvier.

Other card issuers like American Express, Diners also support Visa and MasterCard on this. However, American Express is not a signatory to the proposal, as signing the proposal might be viewed as cartelization!!

As it is already Visas’ PayWave, MasterCards’ PayPass, digital wallets, mobile apps, online payments do not use Signature as an authentication tool.