PoSeidon virus that targets EPOS systems

  • By Steve Gill
  • 31-03-2015
  • IntelliStore, Virus, EPOS

We have become aware of a new virus that specifically targets epos systems.

PoSeidon is basically a keylogger, capturing credit card data.

However we want to reassure our customers - even if any IntelliStore users were infected with this virus, it wouldn’t be able to capture credit cards, because all data is encrypted between the pin entry device (the PED) and the EFT provider’s servers.

In technical terms, IntelliStore is never passed a plain text PAN or track 2 data so it never has the card numbers in memory.

The only risk might have been our EFT provider’s software stored the card numbers in memory, so we reached out to our EFT providers for their comment. The following providers replied:

"We employ SRED protocol (secure reading and exchange of data). All data is dual encrypted on the ped (2048bit RSA and AES encryption) and only decrypted when it hits our PCI-DSS certified infrastructure." SagePay
"Our application, RA1, in combination with the iPP is PCI-P2PE certified. This guarantees that all cardholder data returned from the PED is encrypted and the solution architecture ensures that neither software on the PED or the POS can decrypt the data." Ingenico
"Card information is only ever stored when offline transactions are processed. The transaction information will never be stored in raw form and will always be encrypted. It is encrypted on the PED before it is stored, encrypted again on the POS, then decrypted once it reaches our payment gateway." Verifone

Hopefully this will re-assure you. If you have any specific questions, please feel free to post on our forum or indeed, in the comments below.