It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Saar Drimer, Steven J. Murdoch and Ross Anderson, researchers at the Computer Laboratory, University of Cambridge, have shown that Chip & PIN machines are not as secure as the banking industry claims. Two widely deployed models of PIN Entry Devices (PEDs), the Ingenico i3300 and Dione Xtreme, fail to protect customers' card details and PINs adequately.
Criminals are already using techniques similar to these to defraud British customers, with losses in one case alone claimed to be in eight figures. The technical sophistication required to carry out this attack is low, and fraudsters have already shown they have the necessary skills. The tap would not normally be visible to customers, and in the case of the Ingenico PED it could be totally enclosed by the device.
The Cambridge attacks call into question the system under which bank terminals are certified. Visa and APACS certified these devices as secure, and the vendors are pushing retailers to buy certified devices. But the evaluators did not find the flaws identified by the Cambridge team. The Protection Profile – the target used by the evaluators – was approved by GCHQ, and yet the Cambridge work has shown it was unrealistic. APACS and Visa claimed the devices were evaluated under the Common Criteria, an international evaluation scheme administered in the UK by GCHQ; yet GCHQ had not heard of the work and now says that the devices were never certified under the Common Criteria.
Google Video Link
Originally posted by jimmyx
reply to post by brill
i hate to say it...but maybe this is where the goverment has to step in and come down hard with regulations, back by severe penelties. these corporations are not going to spend alot more money protecting you, if they can get away with it. and if you don't think that will be the case?...i got one word for you ...CHINA...