Hacking Chip-and-PIN
February 28th, 2008 by admin Posted in Chip PIN, Credit Card Fraud
There’s a blog post online about some computer security researchers who have found a way to compromise Chip-and-PIN terminal devices. You can check out the BBC NightNews show here.
Ok, yes this is an attack against the system, but do you realize how it requires physical access to the systems? I’d be very happy if this was the only way to compromise payment systems because it means all the other security holes in the software, remote administration, encryption, etc. have been addressed.
I think we will see more and more hackers driven to the physical side of data compromise as the current low hanging fruit dries up.
Here’s another example of how a hacker put a video camera outside a Chip-and-PIN machine. Low tech sometimes still works.
Update: Cory Doctorow of BoingBoing also covered this topic.
![[del.icio.us]](http://images.del.icio.us/static/img/delicious.small.gif){kind=small}
2 Responses to “Hacking Chip-and-PIN”
By PCI Punk on Mar 5, 2008
It is already a huge problem. This weekend IKEA in Sweden was hit by attackers who hid in the store overnight and installed skimming devices on the self serve POS systems.
More details here (Swedish link) http://www.aftonbladet.se/nyheter/article1961103.ab
At least this attack was detected and the culprits were even caught on camera. Another Swedish link below http://www.aftonbladet.se/nyheter/article1973448.ab
Which proves the point that if an attacker has physical access, then it is game over …