Thieves in Russia have found a new way to commit debit card fraud using an ATM machine. Basically how it works is that thieves use an inside man to install malware software on the ATM computer. The malware software enables a thief to insert a “trigger” card into the ATM which then has the malware use the ATM printer to print a list of debit card numbers used that day to include their expiration dates and PINs. With this information, the thieves can commit all types of debit card fraud by either selling the debit card information or creating debit cards with the stolen card information for their own personal use.
The malware on the ATM computer masquerades as a legitimate Windows software program called Isass.exe. This software is used by most Windows users to store passwords such as e-mail so you do not need to re-type your password every time you access your e-mail or Twitter account. This software works fine for regular Windows users, but it has no place on the computer that runs an ATM machine. See NEWSCIENTIST’s posting, Cash machines hacked to spew out card details, for more details on this new type of debit card fraud.
