Software Automates “Replay” Attacks on Credit Card Transactions

April 9, 2015, Written By Bill Hardekopf
Businessman With Credit Card Shopping Online At Office Desk

Recently, KrebsOnSecurity discovered a software program on a popular online cybercrime forum that automates “replay” attacks on credit card transactions. The software, known as “Revolution,” allows fraudsters to push stolen magnetic strip card transactions through a payment processor as chip-based transactions, even if the cards have not yet been released with EMV technology.

Revolution’s creator is an experienced hacker who specializes in credit card skimming. His program comes with a list of U.S. financial institutions that are fully prepared to accept chip-based card transactions. These banks are not equipped to identify fraudulent chip transactions at this time, making them easy targets for fraudsters with the right technology, like Revolution.

Some analysts believe criminals are focusing on fake EMV transactions because banks in the United States are under the assumption that chip-and-PIN technology is significantly safer than magnetic strip technology. Thus, they have relaxed their security standards, and hackers are on the hunt for loopholes they can use during the shift to EMV cards.

Replay attacks were discovered late last year, and they played an influential role in the Home Depot breach.

The country is approaching an October, 2015 deadline for chip embedded credit cards. Nevertheless, software like Revolution does leave a large portion of cardholders and businesses vulnerable to attacks until banks tighten up their security measures.

The information contained within this article was accurate as of April 9, 2015. For up-to-date
information on any of the terms, cards or offers mentioned above, visit the issuer's website.