[Gllug] Chip and PIN
Christopher Hunter
chrisehunter at blueyonder.co.uk
Wed May 10 18:16:55 UTC 2006
On Wednesday 10 May 2006 16:07, John Winters wrote:
> I would certainly think twice about typing my PIN into any system where
> my card was swiped through a card reader. The ones where only the end
> of the card goes into a closed slot (so that the chip can be activated)
> could potentially let someone discover your PIN, but there's no way they
> can read your mag-stripe.

The information on the mag stripe is, alas, duplicated on the chip.

This "skimming" exercise seems to have more of a "social engineering" effort -
the C&P readers were removed by "engineers", and returned with the extra
electronics installed!

I saw one of these nefarious "skimming" devices a few months ago over in
the Netherlands. It had been added to a C&P terminal, and sent its data by
Bluetooth! As the range was limited, I assume that a member of staff at the
premises was involved - all you'd need is a Bluetooth-enabled PDA, and you
could log all that the terminal did. The hardware, incidentally, was just a
Bluetooth module and a 16F628 PIC. The PIC stole its clock and power from
the main PCB, and was just tagged on to the main PCB in about six places with
bits of wire!

Chris
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug