In today's world, card compromises are an all too common occurrence. Many automatically assume that it's an online store that's responsible due to all the news reports of companies that have been compromised. While this may be a possibility, all too often users forget to do the basics when their bank notifies them of a card compromise.
The very first thing you should do upon being notified is run multiple scans of your computer. Even today, computer infections are a very common source of card compromises. There is malware specifically designed to look for and steal your personal information as well as your banking credentials. And your run-of-the-mill anti-virus programs are very poor at detecting some of the specialized malware programs designed to steal your information, especially if it's a rootkit.
So, what should you do?
First thing to do is run several scanners, the first being Malwarebytes.
Free Anti-Malware & Internet Security Software
This is a free program that's very good at detecting common malware infections.
In addition to Malwarebytes, download and run the following rootkit scanners.
GMER
GMER - Rootkit Detector and Remover
TDSSKiller
TDSSKiller Download
Rootkit Buster (32-bit versions of Windows only)
Trend Micro RootkitBuster Download
The problem with rootkits is there are different ways of hiding them on your machine. Unfortunately, there's no "one size fits all" program that can detect all rootkits. This is why it's best to run several scanners just to make sure.
Hopefully, you'll come up with a clean bill of health after running several scans. So what now?
Unfortunately, your information that's been stolen can take anywhere from a couple of weeks to several months to show up on sites that sell stolen information. This makes trying to track down the possible source virtually impossible, especially if you tend to use your card regularly.
The source of the compromise could be anywhere: a skimmer in the teller machine you last used to get cash, or a skimmer in the gas pump when you filled up. Even Point of Sale terminals are a juicy target for criminals. Once infected, a Point of Sale terminal will cheerfully forward every single card's information to a collection server. Once the crooks decide they've amassed enough information to make the sale worthwhile, they then post the information on sites that specialize in stolen credit card info.
And to make things even worse, cash teller machines often run on vulnerable versions of Windows. There are thousands of machines out there that still run Windows XP. And we're not just talking about those independent machines you see in a gas station or tucked away in the corner of a mall. There are thousands of teller machines used by banks that haven't been updated yet.
There's not much you can do about infected PoS terminals. However, if you shop online, there are steps you can take to help protect your information.
Before you click that "order" button
If you're cautious and do your homework prior to ordering on the Internet, you can greatly decrease your chances of getting nailed.
Granted, there's no surefire method of ensuring your information doesn't get stolen short of not using a card, paying cash for everything, and disconnecting from the Internet entirely. These days, it's not a question of "if" your information gets stolen, but "when".