The information on these magnetic strips, known as “track2” data, consists of the cardholder’s primary account number and PIN, or personal identification number. When not encrypted, this information becomes extremely valuable and can be used to make fraudulent charges or to clone debit and/or credit cards. Unencrypted data is what arguably gives the Backoff virus its life and ferocity.
While POS malware of this kind was once restricted to desktop computers, mobile technology has since changed this dynamic. Today, the Backoff virus can potentially be installed on any device by way of hacked remote applications used for configuring POS systems. And, by using keylogging and brute-force-like tactics, the attacker is able to force authentication (AuthN) and authorization (AuthZ), and avoid detection afterwards.
This means that even if you think you have detected and removed the Backoff virus, you are most likely mistaken. This POS malware is stealthy and not easily removed from the devices on which it has taken root. It usually goes undetected, activating when track2 data is introduced to the system and scraping RAM and virtual memory to find its unencrypted parts. It can therefore be concluded that the Backoff virus is capable of scraping credit card memory, too.
Many types of businesses that use third-party or vendor-supplied software to handle transactions have fallen victim to some form of the Backoff virus. But there are various ways to protect your application and system from it. The first is to realize that it isn’t confined to your desktop or workstation. Modern POS malware uses remote desktop platforms to achieve volatility. Because of this, it is advisable that your security measures include multi-tiered protection.
Network security is perhaps the most important component in this mix. Consistent evaluation of firewall configurations, ports and white-listed IP addresses is essential for preventing hackers and POS malware from exfiltrating data to their own IP addresses. Additionally, you should limit the number of users who have remote access to any given POS system and reinforce effective security policies through strategies like two-factor authentication.
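One way to evaluate white-listed destinations in practice is to audit outbound connections from POS terminals against the allowlist. The following is an added example, not part of the original article; the log format, addresses, ports and allowlist entries are all constructed assumptions.

```python
import ipaddress

# Constructed allowlist (assumed values): the only destinations and ports
# a POS terminal is expected to reach.
ALLOWLIST = [
    ("203.0.113.0/28", 443),  # payment processor gateway (documentation range)
    ("10.20.0.5/32", 514),    # internal syslog collector
]

# Constructed connection log, one record per line: "timestamp src dst dport proto"
SAMPLE_LOG = """\
2024-05-01T09:00:01 10.20.1.11 203.0.113.4 443 tcp
2024-05-01T09:00:07 10.20.1.11 10.20.0.5 514 udp
2024-05-01T09:03:44 10.20.1.12 198.51.100.77 80 tcp
2024-05-01T09:03:45 10.20.1.12 203.0.113.4 8080 tcp
malformed line
"""

def is_allowed(dst, dport, rules):
    """True only if the destination matches an allowed network AND port."""
    addr = ipaddress.ip_address(dst)
    return any(addr in net and dport == port for net, port in rules)

def audit(log_text, entries=ALLOWLIST):
    """Return (violations, unparsed_line_numbers) for a connection log."""
    rules = [(ipaddress.ip_network(cidr), port) for cidr, port in entries]
    violations, unparsed = [], []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        try:
            _ts, src, dst, dport, _proto = line.split()
            dport = int(dport)
            ipaddress.ip_address(src)  # validate the source field as well
            if not is_allowed(dst, dport, rules):
                violations.append((src, dst, dport))
        except ValueError:
            # Wrong field count, bad port or bad address: report the line
            # rather than letting it pass silently.
            unparsed.append(lineno)
    return violations, unparsed

if __name__ == "__main__":
    bad, skipped = audit(SAMPLE_LOG)
    for src, dst, dport in bad:
        print(f"ALERT: {src} -> {dst}:{dport} is not on the allowlist")
    print(f"unparsed lines: {skipped}")
```

Matching on both network and port matters: the fourth sample record reaches an allowed host but on a port the allowlist does not permit, so it is still flagged.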
Finally, it is important to only install and use POS software that is compliant with the Payment Application Data Security Standard, also known as PA-DSS. If you suddenly discover any software installed on your device that wasn’t there previously (or which may be of no clear or direct use), then you should avoid accessing it and uninstall it immediately. Together, these security measures, coupled with the use of complex passwords and prompting users to change them frequently, form an effective strategy for avoiding and/or combating the Backoff virus.