Slashdot Mirror


Criminals Hacked Chip-and-PIN System By Perfecting Point-of-Sale Attack (net-security.org)

An anonymous reader writes: When in 2010 a team of computer scientists at Cambridge University demonstrated how the chip and PIN system used on many modern payment cards can be bypassed by making the POS system accept any PIN as valid, the reaction of the EMVCo and the UK Cards Association was to brand the attack as "improbable." After all, the researchers used a bulky tech setup that had to be carried around in a backpack but, as it ultimately turned out, a year later an engineer based in France found a less obvious way to perform the attack.

7 of 145 comments

  1. I didn't think of it means... by bobbied · Score: 3, Insightful

    Improbable anybody would do it..

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    1. Re:I didn't think of it means... by Capt.Albatross · Score: 4, Insightful

      It is worse than that, because after they were shown that it could be done, they did nothing about it until this latest exploit threatened to make their failure general knowledge.

      Why is it that the stupidest people always seem to be the ones making the decisions in matters of security?

    2. Re:I didn't think of it means... by fustakrakich · Score: 4, Insightful

      Why is it that the stupidest people always seem to be the ones making the decisions in matters of security?

      Maybe you should ask their boss that question...

      --
      “He’s not deformed, he’s just drunk!”
    3. Re:I didn't think of it means... by TemporalBeing · Score: 3, Insightful

      It is worse than that, because after they were shown that it could be done, they did nothing about it until this latest exploit threatened to make their failure general knowledge.

      Why is it that the stupidest people always seem to be the ones making the decisions in matters of security?

      Because everyone is stupid when it comes to security until something security related happens to them.

      --
      Truth is like the sun. You can shut it out for a time, but it ain't goin' away. - Elvis Presley (source: imdb.com)
    4. Re:I didn't think of it means... by Baron_Yam · Score: 4, Insightful

      Because the frauds committed aren't even big enough to be a line item in their budget. Why invest in security now when you might not need to fix the problem for a budget year or two?

      It's a coldly calculated financial decision.

  2. Chip cards would not have prevented Target Breach by sasparillascott · Score: 4, Insightful

    Just good to mention that Chip & PIN cards would not have prevented the Target breach in any way, as mentioned in Brian Krebs' follow-up article:

    https://krebsonsecurity.com/20...

    "0 – The number of customer cards that Chip-and-PIN-enabled terminals would have been able to stop the bad guys from stealing had Target put the technology in place prior to the breach (without end-to-end encryption of card data, the card numbers and expiration dates can still be stolen and used in online transactions)."

  3. Re:Chip is good security theatre by IamTheRealMike · Score: 4, Insightful

    "I used my card in the old insecure mode several times and then am surprised when the card got skimmed"? Really?