Some Experts Say Merchants Are Slow to Implement Chip Cards, Security Measures
hreat actors are increasingly targeting the APAC region – especially South Korea – for payment card fraud, according to recent report from Gemini Advisory.
For example, a group of hackers recently stole information on more than 1 million credit cards in South Korea, targeting transactions made at point-of-sale terminals.
The Gemini Advisory report says more than 1 million credit card records from South Korea have been posted for sale on the dark web since May 29, 2019.
“South Korea’s high card-present fraud rates indicate a weakness in the country’s payment security that fraudsters are motivated to exploit,” says Stas Alforov, security researcher at Gemini Advisory. “As this global trend toward increasingly targeting non-Western countries continues, I feel both the supply and demand for South Korean-issued CP records in the dark web will likely increase.”
The statistics illustrate the growth of the problem. Alforov says 42,000 compromised South Korean-credit card records were posted for sale on the dark web in May. That number grew to 230,000 in June and 890,000 in July.
The graph shows spike in card fraud in South Korea in June. (Source: Gemini Advisory)
Missing Security Steps
Alforov tells Information Security Media Group that the failure of many South Korean merchants to shift to accepting EMV chip card transactions at their POS devices appears to have contributed to the surge in credit card information theft, along with a failure to take other security steps. Another factor, some experts say, is a lack of security measures at POS integrators. (see: Mastercard’s Ron Green on Payment Card Fraud)
“In this particular case, it appears that while South Korea mandated the switch to EMV at the end of 2018, there are still some merchants lagging behind, which is why we are seeing over 1 million card-present records compromised” because of data stolen from magnetic stripe card transactions, he says. EMV cards store encrypted data on a chip, making card-present data theft far more difficult.