Criminal gangs targeting Chip and PIN readers
At the start of the year researchers published a report on hacking Chip and PIN readers – now details have emerged of UK criminals doing the same thing.
Police have said criminals are hacking Chip and PIN readers to steal customer details, after an alleged counterfeit card factory was raided in Birmingham.
It was warned that fraudsters were hiding devices in checkout card machines to access details, which were then used to clone cards and withdraw money abroad where Chip and PIN was not in use.
The factory had the equipment needed to steal details and create fake cards such as chip-and-pin terminals, card writers, card account numbers, counterfeit magnetic strip cards and computer software.
Back in February, Cambridge University researchers published details of successful attempts to obtain PIN numbers and credit card numbers from Chip and PIN terminals.
At the time a report claimed all that was needed for a hack was a bent paperclip, a needle, a short length of wire and some creative thinking', with some observers claiming that the legacy magnetic stripe of a card was inherently vulnerable.
Jonathan Craymer, chairman of authentication security vendor GrIDsure, claimed that the Chip and PIN's reliance on fixed PIN systems had left it vulnerable to attack, especially in other countries.
"Fraud on the UK's high streets has reduced since Chip and PIN was introduced, but the same cannot be said for online fraud and fraud abroad'," he said.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
However he was of the opinion that hacking Chip and PIN readers was a difficult way of fraudsters to commit fraud, as there were much easier ways of collecting details.
He said: "No matter what you do to strengthen the Point of Sale terminal you will not overcome the basic problem of people shoulder surfing or key logging a static PIN number."