Criminals using fake credit cards, made with data stolen from Target, are already being arrested
The FBI has issued a warning to US shops telling them to beef up defences against cyber-thieves.
The agency included its warning in a confidential report to large retailers that was obtained by Reuters.
In particular, said the FBI, shops need to look for the type of malware used to steal millions of credit card details from shoppers at retailer Target.
The FBI said it had seen about 20 cases in the last year where data was stolen using the same type of malicious code.
That code has been inserted on to credit and debit card swiping-machines, cash registers and other point-of-sale (POS) equipment.
“We believe POS malware crime will continue to grow over the near term, despite law enforcement and security firms’ actions to mitigate it,” read the FBI report.
The low cost of the virus code, its wide availability on underground markets and the potential for profit if POS equipment was compromised made it very attractive to thieves, said the agency. One copy of the type of software used to grab data at tills was on sale for only $6,000 (£3,600), said the FBI report.
The report was sent out as more details emerge about the extent of the security breach at US retailing giant Target.
Reports suggest that the attackers who planted malware on Target tills were scooping up card data for 19 days during the busy Christmas season. The thieves are believed to have got away with complete details for 40 million cards and stolen personal data on about 70 million customers.
The attack is believed to have been one of the biggest retail cyber-attacks in history.
Recent arrests suggest the data stolen from Target is already being used to create counterfeit cards. In mid-January two people were arrested at the Texas-Mexico border with 96 fake cards later identified as being from the huge cache stolen from Target.