In an interview with Brenda Eaden, CEO of IDTELi, LLC, she stated that Credit Unions may be at risk for Keylogger attacks similar to Heartland Payment Systems’ attack where many millions of credit cards were stolen over a several month period. “The final number may very well far exceed early reports”, she said. “The Keyloggers, most likely, were the Polymorphic types, that can change credit card their signature, often as once an hour, making them difficult, if not impossible to find and remove by conventional means. It’s the undetectable Keyloggers that pose the biggest threat not only for them but for every financial institution”, Ms Eaden said.
In an article published in Information Week on January 20, 2009, the President and CFO of Heartland Processing Systems, Robert H.B. Baldwin Jr, was quoted as stating “…that the breach was the result of keylogging malware, which covertly captures anything typed on an infected computer, such as user names and passwords.
Ms Eaden further stated, “credit unions are still at risk of having information stolen even though most credit unions employ any of security programs. The area between the keyboard and the browser is not secure which makes interception of usernames and passwords easy, giving thieves the ability to install “sniffers.” That is why most Keyloggers reside in the keyboard and the majority of them cannot be detected by any anti-virus, anti-spyware, firewalls or filters”.