Tamper Resistant Point of Sale Machine Isn’t

By Space Rogue 2 comments

When I see something labeled tamper-resistant or even tamper-proof I don’t assume it is secure I just think that it is a little more difficult to break into than something that isn’t tamper-resistant. Three researchers at the University of Cambridge have figured out that PIN entry keypads used for Chip+Pin transactions in the UK are anything but tamper-resistant. They have published a paper to show just how easy it is to break them open and record customer data as they swipe their cards and enter their pin numbers. I applaud their effort but all they had to do was look at what happened to Stop & Shop Supermarkets a few short months ago.

Here is some advice which you can use, at least here in the US, don’t trust those card swipe and pin entry machines at the checkout counter. Most Debit cards from US banks will also work as a VISA or MasterCard. If your at WalMart and you whip out the ATM card and the machine asks you for your PIN, hit cancel. If the checkout lady at the supermarket asks “Debit or Credit” always, always say credit. If that little machine at the checkout stand is secretly recording your card number at least you won’t also be giving it your PIN and complete access to your checking account. While this won’t stop fraud it will make the bad guys work a little harder. Hard enough perhaps that they skip your card and go to the next one. Not to mention that VISA and MasterCard probably offer a bit more fraud protection than your local bank.
 



2 Comments

shadow

Mar 3, 2008, 1:43 pm

wow!!! now this is interesting… so those little machines can access accounts…well if i could hack those then i’d have access to peoples accounts,heeheehee… from now on i’ll
by things cash!!! on a side note i went to the ATM today and as i was waiting for my turn, i peered over the other unused machine and i noticed that it was booting…from my view i saw how much RAm the michine had and then it booted into windows XP!!! i continued to watch and it went to a window to run the program but the name was to small for me to see…looks like alot of banks here run windows.. bad choice as there is so many trojens and viri just built for windows… well they snooze they loose hey 😛

SPACE ROGUE » More POS Hacks Grab CC Numbers

May 5, 2008, 9:46 am

[…] cards through to make copies of the information. I’ve written about this before here and here. Previously it was Stop & Shop Supermarkets who had their card readers physically altered […]

Leave a Reply