A previously unseen malware program, suspected to have been created in Eastern Europe, has infected POS systems in at least 11 countries and stolen details of 50,000 cards.

RSA FirstWatch’s discovery of the Trojan virus, named “ChewBacca”, comes not long after retailers in the US were targeted through their POS platforms.

Richard Moulds, VP of strategy at Thales e-Security, said: “The ChewBacca findings simply confirm something we already know: regular PCs and servers can’t be secured.

“In-store point of sale terminals are particularly vulnerable because they handle highly sensitive card holder data, they exist in large numbers so are hard to manage and yet are in notoriously insecure places – the retail store.”

RSA, an organisation that researches and analyses malware, found that infection had mainly occurred in the US, perhaps because the Trojan works by scraping magstripe data from POS systems.

Other countries affected included Russia, Canada and Australia.

Moulds argued for greater encryption of data, saying: “We already have a solution for protecting PINs and it works just fine, we rarely see stories of stolen PINs.

“PINs are encrypted directly in the card reader itself by physically hardened circuitry as soon as they are entered by the shopper.

“Encrypt or tokenise cardholder data at the point of capture and decrypt only on a need to know basis and only in trusted environments. It really requires a shift of mindset.”
