Let’s Have Some Fun

So yet another Point of Sale malware attack has been discovered…almost 6 months after the fact of course…and, yet again, our credit card data is being stolen.

Is anybody really surprised these days?  Really?

Don’t you get the sense that swiping your card is just giving information to hackers?

If only there were some way to get your credit card information to the card processing cloud without being compromised…

Oh wait, there is – so let’s have some fun.

This latest malware scans for credit card data by reading the tiny packets of information sent from your card to a remote cloud through the point of sale (PoS) scanner.  Until now, there has not been a way to kick the PoS device out of the picture, because it needs to read something in order to send that something over the wire.

Step 1, therefore, is to protect the actual content of your tiny packets of data in a manner that fools the PoS device.  Bear does this quite easily by encrypting only the very core of each packet but leaving the outside untouched.  In this manner, the PoS device thinks it is reading normal packets of information and sending those on their way.  With Bear on the other end, the payment processing cloud never knows the packets were encrypted and everything works exactly as it does today – no changes required.

While this is clearly a superior solution, the hackers are not affected beyond being unable to read credit card information, and that will just not suffice.

The way in which Bear protects the credit card data also enables a second layer of data that can wreak havoc, this time directly on the hackers.  Instead of just preventing the hackers from reading credit card data, Bear can place fake data in each packet, feeding hackers credit card data that is predefined to capture them upon usage.  With this solution, the hackers gleefully grab thousands of credit cards but are then mysteriously tracked down and arrested the second they use any of those cards.

This type of trap is often called a honeypot: an intruder thinks they are getting the honey, but tasting it will only get them stung.  While the honeypot approach has long been a countermeasure for network intrusions (and we have a better version of this as well), nobody has been able to reduce these traps to the level of a credit card.

Until now.
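
The decoy-card idea above can be illustrated from the detection side. This is an added example, not Bear's implementation (the post does not say how its decoys are generated or recognized); the prefix, key, and function names are assumptions, and the sample events are constructed.

```python
import hashlib
import hmac
import secrets

# Constructed values: a placeholder issuer prefix and registry key, not real ones.
DECOY_PREFIX = "999999"
REGISTRY_KEY = b"constructed-demo-key"


def luhn_check_digit(partial: str) -> str:
    """Return the digit that makes partial + digit pass the Luhn check."""
    total = 0
    # Walking right to left, the digit next to the check digit is doubled first.
    for i, ch in enumerate(reversed(partial)):
        d = int(ch)
        if i % 2 == 0:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(pan: str) -> bool:
    return pan.isdigit() and luhn_check_digit(pan[:-1]) == pan[-1]


def fingerprint(pan: str) -> str:
    """Keyed hash so the registry never stores card numbers in the clear."""
    return hmac.new(REGISTRY_KEY, pan.encode(), hashlib.sha256).hexdigest()


def make_decoy(registry: set) -> str:
    """Create a well-formed 16-digit decoy number and register its fingerprint."""
    body = DECOY_PREFIX + "".join(secrets.choice("0123456789") for _ in range(9))
    pan = body + luhn_check_digit(body)
    registry.add(fingerprint(pan))
    return pan


def flag_decoy_use(events, registry):
    """Return authorization events whose card number is a registered decoy."""
    return [e for e in events if fingerprint(e["pan"]) in registry]


if __name__ == "__main__":
    registry = set()
    decoy = make_decoy(registry)
    # Constructed authorization events: one ordinary test number, one decoy.
    events = [{"pan": "4111111111111111", "txn": "t1"}, {"pan": decoy, "txn": "t2"}]
    print(flag_decoy_use(events, registry))
```

Any authorization attempt that matches the registry is a high-confidence signal that the number was harvested, since no legitimate cardholder ever held it.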

Best of all, the PoS scanners, payment networks, and processing clouds do not have to change ANYTHING.  Credit card companies can simply roll out Bear within their normal releases as cards expire and Bear handles the rest.

I wonder how many PoS malware attacks there will be when hackers can no longer trust the safety of the numbers they steal?!?