Software Automates “Replay” Attacks on Credit Card Transactions
Recently, KrebsOnSecurity discovered a software program on a popular online cybercrime forum that automates “replay” attacks on credit card transactions. The software, known as “Revolution,” allows fraudsters to push stolen magnetic strip card transactions through a payment processor as chip-based transactions, even if the cards have not yet been released with EMV technology.
Revolution’s creator is an experienced hacker who specializes in credit card skimming. His program comes with a list of U.S. financial institutions that are fully prepared to accept chip-based card transactions. These banks are not equipped to identify fraudulent chip transactions at this time, making them easy targets for fraudsters with the right technology, like Revolution.
Some analysts believe criminals are focusing on fake EMV transactions because banks in the United States are under the assumption that chip-and-PIN technology is significantly safer than magnetic strip technology. Thus, they have relaxed their security standards, and hackers are on the hunt for loopholes they can use during the shift to EMV cards.
The country is approaching an October, 2015 deadline for chip embedded credit cards. Nevertheless, software like Revolution does leave a large portion of cardholders and businesses vulnerable to attacks until banks tighten up their security measures.