Cambridge University
researchers have demonstrated how chip and Pin terminals can be
potentially opened by criminals to run their own applications to
conduct fraud.
The researchers have posted their demonstration on the
YouTube website, but instead
of collecting credit card numbers from the chip and Pin device they
ran the Tetris game instead.
Security researchers Steven Murdoch and Saar Drimer managed to
run the game by replacing most of the terminal’s internal
electronics.
The researchers said that chip and Pin terminals could so far
only ensure that communications links to banks were cancelled when
opened. They could not prevent fraudsters opening them and
collecting card numbers and Pins from customers with their own
hardware and software.
Last year, a number of petrol stations in the UK were targeted
by fraudsters using chip and Pin terminals.
Payment clearing association Apacs said chip and Pin terminals
were tamper resistant, not tamper proof.
Apacs says Chip and Pin has substantially cut retail fraud.
Read article:
Chip and Pin cuts fraud
Shell suspends chip and Pin payments following fraud
Shell investigates chip and Pin fraud
Comment on this article:
computer.weekly@rbi.co.uk