Security flaws have been identified in some chip and PIN terminals which, it is suggested, allow thieves to download a customer’s personal card details.
Experts uncovered the security flaw, which affects payment card terminals that use a card and PIN number for a transaction.
Security consultants MWR Infosecurity showed they are vulnerable to hacking. Using second-hand terminals purchased on eBay, MWR accessed the computer code that the terminals use. Using this code to programme a fake chip and PIN card, they loaded the chip with malicious software capable of “reprogramming” the reader.
The card can be made to look like a normal credit or debit card in order for criminals to easily be able to use it in shops or cafes.
The malicious card then transfers its software to the reader, which begins storing the details of all subsequent cards inserted.
The criminal then returns later on, using a second malicious card to download the data, including the card numbers and PINs.