Contactless payments have taken off in the United States and other markets in recent years, but now a piece of malware has emerged that can block wave-and-pay or tap-to-pay transactions and force users to insert their cards in a terminal instead, according to a new report by the Moscow-based global cybersecurity firm AO Kaspersky Lab. That makes it easier for fraudsters to steal key card-related data that would otherwise be masked by a unique identifier useless to thieves, according to reports.
The latest point-of-sale threat is called Prilex, and is derived from older malware targeted at ATMs, according to the Kaspersky report, which describes Prilex as “highly advanced malware.” Since discovering Prilex in November, the firm says it has identified three versions of the malware that can block contactless payments.
The strategy behind Prilex is to cut off near-field communication between a card, keyfob, or mobile phone and a contactless-payments terminal at the point of sale. An NFC transaction typically yields a card number or other identifier unique to that transaction, frustrating cyberthieves looking to steal card numbers they can re-use.
When Prilex detects a contactless transaction and blocks it, the user is forced to insert the card instead or resort to some other form of payment. The malware artists have also begun to refine Prilex to target high-value cards, such as those deemed to have a high credit limit, according to the report.
“While the [fraudsters are] looking for a way to commit fraud with unique credit card numbers, this clever trick allows [them] to continue operating,” Kaspersky says in its report.
Contactless transactions are growing fast in popularity, as Visa reports they now account for 54% of its card-present transactions around the world. The technology controls 28% of U.S. in-store transactions, a share that has quintupled since the onset of the pandemic. the card network says.