Not for long says the University of Cambridge Computer Laboratory!
Introducing the Chip and PIN (EMV) Point-of-Sale Terminal Interceptor. This device which sits between a Point-of-Sale (POS) terminal in a shop and the Chip and PIN card carried by a customer. It listens passively to the electrical signals – “the conversation” – between the chip card and the terminal, and from this can retrieve and store the customer’s account number. In the case of the cheaper “Static Data Authentication” (SDA) Chip and PIN cards, which are used by most UK banks, it can also store the customer’s entered PIN, when it is sent from the terminal to the card, just after the customer types it in.
This device can easily be miniaturized and concealed. The prototype cost us less than $150 and could be made by anyone with a reasonable knowledge of EMV and some experience at programming embedded systems.
The smaller version could be quickly concealed in or near any of the roughly 450,000 POS terminals in the UK. It runs silently and this could be without the knowledge of the store operator recording the account details and PINs any customer unlucky enough to use that store.
The captured user information is then transferred to a counterfeit card and mag strip for use in foreign countries which do not yet have Chip and PIN technology.
I’m told the Interceptor is easily made from a small Cypress AN2131QC microcontroller (that is, an embedded computer), a couple of discrete components, a smartcard monitor board, some wires off the side and a smartcard shaped probe on the other end.
Technorati Tags: Chip and PIN, EMV, POS terminals, PIN, Chip and PIN
![[Most Recent Quotes from www.kitco.com]](http://www.kitconet.com/charts/metals/gold/tny_au_en_usoz_4.gif)
July 11th, 2006 at 7:03 pm
Debit Card Fraud Rampant in Canada
Canadian retailers are dealing with a surge in debit card fraud, according to published reports.
Fraudsters have been stealing card terminals from gas stations, convenience stores, and fast-food chains and rigging the devices to steal data embedded on magnetic stripes, including personal identification numbers (PINs). The rigged terminals are then switched with genuine machines.
In Ottawa and Montreal, PIN pad fraud has resulted in approximately $6.7 million in losses during the past few months.
More than 40 retailers in Montreal reported a scam in which wireless internet connections were used to remotely retrieve PINs and card numbers from rigged terminals, data which was used to clean out the bank accounts of about 18,000 cardholders.
Canadians use debit cards more than any other country, averaging 82 million debit transactions a year.
July 11th, 2006 at 7:50 pm
Debit Card Fraud Update
Tuesday, 11 July 2006 - Ashland police are now working with the FBI to investigate recent thefts from bank accounts using consumer debit and ATM cards.
It’s now believed that some 200 people have fallen victim to the crime with a dollar loss of $200-thousand. Police say all the victims shopped at a Dollar Tree Store in the Rogue Valley between May 1st and June 10th of this year. Most of the crimes involved the Ashland Dollar Tree. If you think you’re a victim, the FBI would like you to log on to their Internet Crime Complaint Center at http://www.ic3.gov http://www.localnewscomesfirst.com/content/view/934/2/
December 28th, 2006 at 10:09 pm
[…] I wrote a couple of quick posts on the RFID topic some months back: Are your credit cards safe? Hacker Cracks and Clones the new US Gov. ‘e-passport’ ie. the RFID Passport […]