How credit card data is vulnerable to a keylogger
For the n the payment card industry, the migration from magnetic strip to EMV chip technology over the last several years has greatly reduced fraud, however if a device is infected with a keylogger, credit card data is still vulnerable. A true example of this came to light on August 14 when the Cambria Hotel Nashville Downtown put out this notice to its customers: "We learned on May 28, 2020 that malware that logs keystrokes had been installed on one of the three computers at our front desk. So for the instances where payment card information was typed-in on this one computer, the keylogger would record what was typed and then send that information out of the network. We believe the keylogger was installed on this computer in 2019 before we purchased this property.
The customer information recorded by the keylogger may include name, address, phone number, payment card number, expiration date, and potentially email address. We are mailing letters to those customers we were able to identify. We were not able to identify addresses for some, so we are providing this notice. It is always advisable for customers to review their payment card statements for any unauthorized activity and immediately report any unauthorized charges to their card issuer using the number provided on the back of the payment card.
We regret that this incident occurred and sincerely apologize for any inconvenience." This hotel had keylogging spyware on their computer for a full year before it was ever detected. That is because a majority of malware has the ability to change its form and evade antivirus detection.
EndpointLock Keystroke Encryption is an easy to install software that works to block both undetected and existing keyloggers from logging keystrokes. The Nashville hotel could have avoided any loss of credit card data if they had installed EndpointLock to each of their devices.