Credit card details can be stolen from card readers
Credit and debit card details can be stolen from card readers and frequently used in shops and restaurants, according to new figures. Thousands of card readers will have to be reprogrammed as a result.
credit cardsThe security flaw was found within card terminals that allow customers to enter their card and PIN number to make purchases. It was recently discovered that the card terminals are vulnerable to hacking as card criminals can use a fake chip and PIN card and loan malicious software to the terminal. This software can then begin storing the details of all subsequent cards inserted.
Once this has occurred the criminal can return later with a second card to download the data including card and PIN numbers.
The fake cards, which criminals can use, can be made to look like a normal credit or debit card, and can be used in shops or cafés.
Verifone, the company which creates most of the UK’s terminals, said that it is working on an ‘expedited’ update for the terminals after security consultants MWR found evidence that the terminals can be hacked.
An MWR spokesman said: “In our demonstration we just got the card number and PIN but a real criminal would probably reprogramme the reader to request that the card is swiped. This would give magnetic strip data which could be used to clone the card."
A Verifone spokesman said: "Upon reviewing VeriFone’s portfolio we have confirmed that MWR implemented a sophisticated scenario that is technically feasible on some older systems.
"VeriFone has developed a software update to resolve this issue in deployed systems and has already submitted the code for testing and approval on an expedited basis. We informed MWR of those efforts last week.”
An estimated 900,000 readers operate in the UK and the UK Card Association claims there are around 800 million transactions per month.
A prepaid card could be a good alternative to credit cards as they reduce the risk of ID theft.