South African banks roiled by hacked KFC credit card terminals

Sales devices corrupted by malicious software at fast food outlets have cost financial institutions tens of millions of rand, resulting in one of the country’s worst breaches of customer card data.

KFC was particularly hard hit by the malware, called Dexter. The breach affected most of South Africa’s card-issuing banks.

The infection came from overseas, possibly involving a crime syndicate based somewhere in Europe, Payments Association of South Africa CEO Walter Volker said. The South African Police Service, Interpol and Europol are all involved in an investigation to bring the syndicate or syndicates responsible to justice.

Banks noticed unusual levels of suspected fraud at certain fast-food restaurants earlier this year.

“It took quite a while to get to the bottom of [this incident], because it was not the standard Dexter malware, which has been around for a while, and which many antivirus software programs can pick up,” Volker said. “This one was a variant that was changed to [avoid detection] by the antivirus software.”

When account holders presented their cards to be swiped, malware hidden in the infected terminals read the card numbers and sent this information to a syndicate.

Card numbers filched by the Dexter variant already have been used to make in-store purchases in the United States. “This has led to arrests,” Tech Central reports.

The hackers did not copy the “card verification value” security numbers on the backs of the cards, so criminals are not able to use the cards to shop online.

Volker assured that “all the fast-food retailers have been cleaned out as far as possible...We’re still looking at some sites that are questionable, but they are a very small minority. I don’t think there’s any need for panic or concern at this stage and certainly no one will be out of pocket [as the banks will honor losses].”

He added that it’s “very difficult” to estimate how many cards have been compromised, but it’s “certainly not in the millions.”

ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.