The origin of the compromise remains unknown at this time, but the data comes from card-present transactions at numerous businesses in the country. Stealing payment details from card-present transactions is typically done through planting malware on systems that connect to PoS devices. In many incidents, the attack vector was a remote desktop connection protected by default or easy-to-guess password.
Therefore, one possible explanation could be that a point-of-sale (PoS) integrator was breached since these services interface with payment devices from multiple merchants. Citing researchers at Gemini Advisory that monitor card-related activities on cybercriminal forums, Bleeping Computer mentions that South Korean payment records were in low demand in 2018 as the fraudsters had a large supply available.
This changed in 2019 when the supply remained the same but demand increased, the online publication continued.
Another observation from the researchers is that 3.7% of the compromised South Korean records were from US-issued cards that belonged to US owners visiting South Korea.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now
We welcome comments that add value to the discussion. We attempt to block comments that use offensive language or appear to be spam, and our editors frequently review the comments to ensure they are appropriate. If you see a comment that you believe is inappropriate to the discussion, you can bring it to our attention by using the report abuse links. As the comments are written and submitted by visitors of the The Paypers website, they in no way represent the opinion of The Paypers.