Thursday, October 22, 2009

RSA 2009: Fake Chip and PIN readers hit UK



Fraudsters are being given a fake chip and PIN reader cheaply in return for giving the criminal supplier a share of the data.

By Asavin Wattanajantra, 22 Oct 2009 at 10:35



A security researcher has warned people to beware of fake Chip and PIN readers swapped for real devices in the UK and around the world.  Uri Rivner, head of new technologies at RSA, said that criminals were stealing credit card data using fake Point of Sale (POS) devices.



RSA had also seen a new business model for the crime, where the suppliers of the readers and those using them against customers would both get a cut of the profits.



The fraudster at the POS would get one of the card readers subsidised from a criminal supplier, and swap it for a real device at the targeted store or restaurant in question. When a real customer swiped the card, the reader would work exactly as you would expect a real chip and PIN device to behave.



Speaking at RSA Conference Rivner said: “When a real customer swipes a card it will be like everything is okay. All of the cards will actually work, but all of that information will go to a web server. The mothership – where all of this data is collected.”



The operators would also have the chance to earn money from the fraud, as they would keep about 30 per cent of the credit card data.





Reblog this post [with Zemanta]

Disqus for ePayment News