THE point-of-sale machines designed to verify chip-and-PIN credit and debit cards may be vulnerable to hardware attacks that allow crooks to steal PINs.
Ross Anderson, Saar Drimer and Steven Murdoch at the University of Cambridge computer security lab discovered that it is possible to attach a simple data-tapping circuit between an inserted card and the reading circuit of two common PIN entry devices (PEDs) – made by Ingenico and Dione. This could allow someone to record both the account number and the PIN. “Armed with this, fraudsters can counterfeit cards and withdraw cash from ATMs [in countries without chip-and-PIN systems],”…
