Keylogging detection software?

Laneyh

Hi,

My visa debit card has been compromised. There are a number of spurious transactions using it.
I've blocked the card and the issue is with my bank's fraud team.

I'm assuming my card details were captured online somehow but I would also like to check my laptop to see if there is a keylogger running on it.

Anyone recommend some good software to use?

Thank you

Pat Mustard

I'm going to defer to the experts who post here, but you could start by trying Malwarebytes and Spybot Search & Destroy.

I also use Keyscrambler, but I don't know how effective it is.

Stuxnet

Run malwarebytes with the computer in "Safe Mode"

install, and update malwarebytes, then reboot hitting "F8" usually to boot into safe mode, that will catch anything un-toward.

syklops

Stuxnet wrote: »

Run malwarebytes with the computer in "Safe Mode"

install, and update malwarebytes, then reboot hitting "F8" usually to boot into safe mode, that will catch anything un-toward.

That will catch anything untoward if malware bytes has a signature for it. I was at a talk recently and there was an analyst from FireEye who said they were seeing malware releases that were obsolete within hours, meaning by the time a signature had been created and pushed out to a client the malware was deactivated, and in some cases had deleted itself. You can also buy a keylogger that is undetectable and if only installed on a small number of systems, will never become detectable.

OP, by all means scan yourself, but there is no guarantee it will find anything. Maybe try and figure out how your CC details got out in the wild. My money would be on an insecure wireless access point you connected to.

markpb

syklops wrote: »

OP, by all means scan yourself, but there is no guarantee it will find anything. Maybe try and figure out how your CC details got out in the wild. My money would be on an insecure wireless access point you connected to.

It could also have been compromised at any merchant, online or retail where it was used at any time in the recent past. To me, this is far more likely than a problem with your machine or network (unless you're in the habit of typing your card details into http sites). It's also likely that Visa had already figured out which merchant is the likely culprit before your bank called you.

Scoobydoo 2

markpb wrote: »

It could also have been compromised at any merchant, online or retail where it was used at any time in the recent past. To me, this is far more likely than a problem with your machine or network (unless you're in the habit of typing your card details into http sites). It's also likely that Visa had already figured out which merchant is the likely culprit before your bank called you.

Would agree with this as my card details were used in the states where chip & pin is not mandatory
I have never been to the states and never used my visa debit on line ever yet someone managed to walk into a shop and buy $1000 dollars worth of books using merely only my card number
chances are it was taken during one of the many security breaches like the loyalty build one not so long ago 500.000 customers details
by all means take all reasonable precautions virus scans and malware scans
but don't fret if you don't find anything on your pc

but don't overlook your smart phone if you use it to check your account details or pay for stuff online

Thing to keep in mind is that its not a credit cardit is a visa debit card and is not covered by the same guarantees that an actual credit card is
so stick to your guns that you did not leave your card lying around with the pin written on it or gave it to anyone else or anything silly like that that may give them a reason not to pay as this is not a credit card

28064212

Scoobydoo 2 wrote: »

Thing to keep in mind is that its not a credit cardit is a visa debit card and is not covered by the same guarantees that an actual credit card is

That's incorrect:

The level of consumer protection in Ireland is the same for both credit and debit cards.

Laneyh

Thanks for all the replies, I'm not sure I will be able to trace how and when the card was compromised but it is no harm to be additionally cautious and security aware anyway.

The bank are sending me out a disclaimer form, so hopefully once I return that I'll be reimbursed.

Thanks again for your help

Laneyh

markpb wrote: »

It could also have been compromised at any merchant, online or retail where it was used at any time in the recent past. To me, this is far more likely than a problem with your machine or network (unless you're in the habit of typing your card details into http sites). It's also likely that Visa had already figured out which merchant is the likely culprit before your bank called you.

Yes I agree I think it was an online transaction but just going to cover all bases now.
Understandably I got a bit of a shock when my account was pretty much cleaned out.
I'd like to do everything I can to prevent that happening again.

Scoobydoo 2

28064212 wrote: »

That's incorrect:

Is it really


No credit limit applies on visa debit, so your bank account could be cleaned out . At least with credit card, a credit limit applies and and you should not be out of pocket in this scenario. If any overdraft charges are applied, and missed direct debits, then you have to discuss with the bank to try to get them to waive these charges
Good look with that .

Impetus

Scoobydoo 2 wrote: »

Would agree with this as my card details were used in the states where chip & pin is not mandatory
I have never been to the states and never used my visa debit on line ever yet someone managed to walk into a shop and buy $1000 dollars worth of books using merely only my card number
chances are it was taken during one of the many security breaches like the loyalty build one not so long ago 500.000 customers details
by all means take all reasonable precautions virus scans and malware scans
but don't fret if you don't find anything on your pc

but don't overlook your smart phone if you use it to check your account details or pay for stuff online

Thing to keep in mind is that its not a credit cardit is a visa debit card and is not covered by the same guarantees that an actual credit card is
so stick to your guns that you did not leave your card lying around with the pin written on it or gave it to anyone else or anything silly like that that may give them a reason not to pay as this is not a credit card

The law has not caught up with banking technology changes. Back in the day, you were protected (and still are) if somebody forges your signature to a cheque -
Section 24 of the Bills of Exchange Act 1882 (which governs cheques) provides that if a bank pays on a forged cheque, the bank is liable*.

We now have ATMs, online banking, phantom withdrawals, skimmers, online shopping, mail order, telemarketing, debit cards, charge cards, prepaid cards, and the only card with any form of legal protection is the “revolving credit card” - presumably because money is being lent, and a proper signature is required (which can include an electronic signature).

It is high time the law of the land was updated to provide protection to bank customers for all types of method of payment. This would force the banks and the Visa/MC system to look again at their procedures for cardholder not present transactions for example. Every bank should have multi-factor authentication (a) to authenticate the login to the banking system and (b) to separately authenticate each payment instruction. The latter requires that part of the payment data (eg the IBAN of the payee) goes into the multi-factor authentication encryption process - to prevent replay attacks. Otherwise it is easy for a “keystroke” logger to capture the multi-factor code, send it to the thief and disconnect you from completing the transaction providing a bogus error message.

It is a simple extension to use the same multi-factor card reader in conjunction with the payment card to produce additional codes, which change for each transaction, (on top of the card number and expiry date etc for use on online shopping sites.) The variable code does not have to be long - perhaps 3 digits. This would not require any change to the Visa or MC system - because the CVV2 code (the 3 digits on the signing line normally) could instead be a variable computed code using the authentication device and one's payment card. The card issuing bank's authorization system would compute the code and immediately clear or reject the transaction.

I had a Visa charge card defrauded after going through an autopista toll booth in Spain a few years ago. Invariably I always opt for one of the lanes that one inserts and removes one’s card from - ie nobody else gets to touch it. On this occasion, all the self service lanes were coned off and I stupidly gave my card to the attendant. Within two hours about 5 million KRW was charged to that card - even though I was in Spain (and had used the card with the PIN in a retail establishment two hours earlier. Ie I couldn’t have been in South Korea. In Ireland there are very few toll booths on the motorway that have a Visa/MC self service slot. Forcing one to pay cash or hand over a payment card to the attendant. In France and Switzerland one never has to part with one’s card in a shop - the point of sale infrastructure must be self-service only.

It is time the protections of the Bill of Exchange Act were made available to all forms of bank payment, as a matter of urgency. This would force the banks to innovate to create the required security.

The Act says in quaint, hard to read, common law style (Civil law is far simpler to read)

*“24. Subject to the provisions of this Act, where a signature on a bill is forged or placed thereon without the authority of the person whose signature it purports to be, the forged or unauthorised signature is wholly inoperative, and no right to retain the bill or to give a discharge therefor or to enforce payment thereof against any party thereto can be acquired through or under that signature"

Rucking_Fetard

Use on screen keyboard for typing

syklops

Rucking_Fetard wrote: »

Use on screen keyboard for typing

If you think your system is compromised, don't use it for payments full stop.

Otherwise we will nurture a generation of people who use the on screen keyboard when making payments oblivious to a new generation* of malware which use OCR to read peoples credit card numbers and which doesn't depend on key presses.

I used the asterisk, because it really isnt all that new at all.

In many ways the phrase "keylogger" is out dated. "User input logger" is more accurate, but doesnt slide off the tongue as easy.

Blowfish

Rucking_Fetard wrote: »

Use on screen keyboard for typing

An on screen keyboard is only really going to stop hardware (i.e. physical) keyloggers. Anything software based is going to intercept the keys at either the driver or OS level, both of which the on screen keyboard still have to go through. That aside, most keyloggers these days will capture more than just keys, including a fair few that capture screen caps etc.

Copying+pasting the password is often suggested as an alternative, but this is even worse as it's far more trivial to capture this than it is the keys in the first place.