Learn how to protect yourself from the scam that frauds your credit card by approximation

A consumer who uses the credit card approach to pay for a purchase may be surprised by an unusual error message on the card machine screen.

This is because the Brazilian group of cybercriminals Prilex managed to circumvent the security of payments by proximity. A new malicious program (malware) from the group, identified by the cybersecurity company Karspersky, blocks the machine’s approach payment processing, forcing the buyer to insert the card.

The malware then connects with the criminals and sends them, rather than the financial institution, the payment information — and may even take the card data used.

As store machines and systems are usually infected through social engineering, business owners and sellers must be careful not to allow intrusions.

Scammers contact establishments via emails or phone calls, pretending to be employees of a bank or card machine company, and request the download of a remote access program on the computer, generally used by technical support teams.

“With this software running, the criminal can access the computer remotely. From there, he can access the network and choose the targets where he will install Prilex”, said Fabio Assolini, head of the Global Research and Analysis Team (Great) of Kaspersky in Latin America.

However, the card machine that is connected to that computer at the point of sale is not affected. Prilex’s target is, in fact, the computer and the software that processes the payment made at the vending machine.

“It is very important that establishments have protections on these computers. They need to be well protected with good antivirus software, software that blocks the installation of third-party programs. It is also important that employees are trained to identify this type of approach when it occurs” , explains Assolini.

A tip for email approaches is to notice the domain the messages came from — what appears after the “@”. If it is not one of the official channels of the contracted companies, the best thing to do is not to click on the links sent.

Proximity payments, made by just touching a credit card or electronic device (such as a cell phone or smart watch) to the machine, have become popular in recent years and are considered to be safer.

In them, each purchase has a unique identifier, that is, even if the information is captured by criminals, it is of no use. Therefore, criminals seek to circumvent this form of payment.

In a note, Abecs (Brazilian Association of Credit Card and Services Companies) said it did not detect evidence of this malware in action. “Payment by approximation is a secure technology, adopted in various parts of the world, with the same security parameters required in Brazil”, he says.

As a precaution, customers can also pay attention to the error message displayed by the machine, which in the version identified by Kaspersky was: “ERROR APPROXIMATION (sic) INSERT THE CARD (sic)”. This text may change in other versions of the malware.

For the consumer who was affected, the recommendation is to go to the bank to challenge the undue charge on the card and file an incident report.

He should also keep an eye on his credit card statement. If an unrecognized double transaction is detected, it is recommended to quickly contact your bank or card issuer.

According to Fabio Assolini, head of research at Kaspersky in Latin America, the number of detections of this virus in operation is still not high, which may indicate that it is being tested.