Davey Winder's Blog

Every little helps chip-and-pin thieves

By Davey Winder in Editorial

Posted in Data Protection, Blog, e-commerce on October 12, 2008 at 12:11 pm


Blimey, just as I was about to leave for the regular weekly family supermarket hike to Tesco I have to go and read this rather disturbing news story from someone whose opinion on matters ITsec related I value very highly indeed.

Graham Cluley first got wind of the fact that there might be something fishy going on at the supermarket checkout a couple of months back, following a number of reports from local newspaper journalists asking if he knew anything about credit card fraud at the supermarket. It seems that readers of local newspapers had been getting in touch to suggest particular supermarket branches had been involved in some kind of chip and pin fraud.

Now the story has exploded into the national newspapers, with The Telegraph reporting how hundreds of the chip and pin payment machines used in supermarkets across Europe have been tampered with to steal your credit card data.

OK, so there is nothing new in the old double swipe, or the false-front card reader for ATM machines, or even the odd bit of WiFi phreakery to do this sort of thing. But this is different: this, the reports suggest, involves the terminals you use at the checkout actually having been tampered with before they shipped. Internally, so that there is no way of telling from an external examination that the device is compromised.

The head of the US National Counter Intelligence Executive warns that suspect devices have been shipped to Britain, Belgium, Denmark, Ireland, and the Netherlands. All with hidden hardware that can transmit card data via the mobile phone network to the criminal ring behind the scam based in Lahore, Pakistan.

Amongst the supermarkets said to have been affected in the UK are market leaders Tesco, Asda and Sainsbury’s. Graham Cluley says that supermarkets are now “weighing chip-and-pin devices to determine if they were compromised or not, as affected machines weighed three to four ounces heavier.”

Perhaps the most worrying of all is that this time the thieves have been clever. Patient and clever. They did not cash in on the stolen data immediately, as is the usual pattern of such things, but instead waited a couple of months to make tracking back the root of the data loss that much harder.

Cluley says that buying goods in a respected supermarket should be safe; however, he does warn that “Retailers are going to have to do more in future to ensure the integrity of their payment devices is utterly without question, and to guard the supply of such devices from factory to supermarket checkout, or risk losing the confidence of their customers.”

It is also disturbing as it means that, although previous news reports have suggested that credit card crime has been driven overseas, the UK is actually still at risk.

Comments

Comment by Roger - October 13, 2008 on 9:58 am

Such crimes would be prevented if banks use the Card Key Code system described on the website www.xwave.co.uk

Virtually all fraud crimes will be a thing of the past if banks make signature and PIN systems reliable as proposed.

Comment by Mike Russell - October 14, 2008 on 11:57 am

If you follow to the video, you see, or rather hear, the problem: “Banks & institutions refuse to even listen.” No doubt there are people whose reputations sit on the current system. Were it to be demonstrated to be woefully inadequate (we all know it is...) then these well-placed individuals would lose face. That will never happen.
