Cambridge University researchers have demonstrated how chip and Pin terminals can be potentially opened by criminals to run their own applications to conduct fraud.
The researchers have posted their demonstration on the YouTube website, but instead of collecting credit card numbers from the chip and Pin device they ran the Tetris game instead.
Security researchers Steven Murdoch and Saar Drimer managed to run the game by replacing most of the terminal’s internal electronics.
The researchers said that chip and Pin terminals could so far only ensure that communications links to banks were cancelled when opened. They could not prevent fraudsters opening them and collecting card numbers and Pins from customers with their own hardware and software.
Last year, a number of petrol stations in the UK were targeted by fraudsters using chip and Pin terminals.
Payment clearing association Apacs said chip and Pin terminals were tamper resistant, not tamper proof.
Apacs says Chip and Pin has substantially cut retail fraud.
Read article: Chip and Pin cuts fraud
Comment on this article: [email protected]