posted 01 Aug 2012, 13:04
How hackers steal bank details from chip and pin machines
The banking details of millions of British customers are at risk amid claims that card readers used in shops and restaurants can be hacked.
Security flaws have been identified in some chip and PIN terminals, which it is suggested allow thieves to download a customer’s personal card details.
As a result, it is claimed that thousands of terminals, commonly found in shops and restaurants, will now have to be re-programmed.
Experts uncovered the security flaw, which affects payment card terminals that use a card and PIN number for a transaction.
Security consultants MWR Infosecurity showed they are vulnerable to hacking.
Using second-hand terminals purchased on eBay, MWR accessed the computer code on which the terminals use.
Using this code to programme a fake chip and PIN card, they loaded the chip with malicious software capable of “reprogramming” the reader.
The card can be made to look like a normal credit or debit card in order for criminals to be easily able to use it in shops or cafes.
The malicious card then transfers its software to the reader, which begins storing the details of all subsequent cards inserted.
The criminal then returns later on, using a second malicious card to download the data, including the card numbers and PINs.
A spokesman for the security firm told Channel 4 News: “In our demonstration we just got the card number and PIN, but a real criminal would probably reprogramme the reader to request that the card is swiped.
“This would give maganetic strip data which could be used to clone the card.”
Quite clever, huh? And they tell us chip and pin is the safest way to go.
Source: The Telegraph