Davey Winder's Blog

Every little helps chip-and-pin thieves

By Davey Winder in Editorial

Posted in Data Protection, Blog, e-commerce on October 12, 2008 at 12:11 pm


Blimey, just as I was about to leave for the regular weekly family supermarket hike to Tesco I have to go and read this rather disturbing news story from someone whose opinion on matters ITsec related I value very highly indeed.

Graham Cluley first got wind of the fact that there might be something fishy going on at the supermarket checkout a couple of months back, following a number of reports from local newspaper journalists asking if he knew anything about credit card fraud at the supermarket. It seems that readers of local newspapers had been getting in touch to suggest particular supermarket branches had been involved in some kind of chip and pin fraud.

Now the story has exploded into the national newspapers, with The Telegraph reporting how hundreds of the chip and pin payment machines used in supermarkets across Europe have been tampered with to steal your credit card data.

OK, so nothing new in the old double swipe, or the false front card reader for ATM machines and even the odd bit of WiFi phreakery to do this sort of thing. But this is different: this, the reports suggest, involves the terminals you use at the checkout actually having been tampered with before they shipped. Internally, so that there is no way of telling from an external examination that the device is compromised.

The head of the US National Counter Intelligence Executive warns that suspect devices have been shipped to Britain, Belgium, Denmark, Ireland, and the Netherlands. All with hidden hardware that can transmit card data via the mobile phone network to the criminal ring behind the scam based in Lahore, Pakistan.

Amongst the supermarkets said to have been affected in the UK are market leaders Tesco, Asda and Sainsbury’s. Graham Cluley says that supermarkets are now “weighing chip-and-pin devices to determine if they were compromised or not, as affected machines weighed three to four ounces heavier.”

Perhaps the most worrying of all is that this time the thieves have been clever. Patient and clever. They did not cash in on the stolen data immediately, as is the usual pattern of such things, but instead waited a couple of months to make tracking back the root of the data loss that much harder.

Cluley says that buying goods in a respected supermarket should be safe; however, he does warn that “Retailers are going to have to do more in future to ensure the integrity of their payment devices is utterly without question, and to guard the supply of such devices from factory to supermarket checkout, or risk losing the confidence of their customers.”

It is also disturbing as it means that, although previous news reports have suggested that credit card crime has been driven overseas, the UK is actually still at risk.

Comments

Comment by Roger - October 13, 2008 on 9:58 am

Such crimes would be prevented if banks use the Card Key Code system described on the website www.xwave.co.uk

Virtually all fraud crimes will be a thing of the past if banks make signature and PIN systems reliable as proposed.

Comment by Mike Russell - October 14, 2008 on 11:57 am

If you follow to the video, you see, or rather hear, the problem; “Banks & institutions refuse to even listen.” No doubt there are people whose reputations sit on the current system. Were it to be demonstrated to be woefully inadequate (we all know it is..) then these well-placed individuals would lose face. That will never happen.
