The UK’s leading manufacturer of credit and debit card terminals has announced that it is in the process of updating its devices, after a security firm revealed that they may be vulnerable to hacking.
The news from Verifone may mean that the details of thousands of credit and debit card holders could have been accessed by fraudsters as they carried out everyday transactions.
MWR Infosecurity accessed the computer code which terminals operate on before using the code to programme a fake chip and PIN card.
Although the test was carried out on second-hand terminals purchased on eBay, the fact that the chip could be loaded with malicious software capable of reprogramming the reader reveals how the system could easily be open to attack.
The malicious card looks like a regular debit or credit card but once it is inserted into a reader it will enable the device to store the details of all subsequent cards used.
A second malicious card can then be used to download data which includes details of card numbers and PINs.
“In our demonstration we just got the card number and PIN, but a real criminal would probably reprogram the reader to request that the card is swiped. This would give magnetic strip data which could be used to clone the card,” said an MWR spokesman.
According to the UK Cards Association there are roughly 900,000 such readers in the UK, processing a staggering 800 million transactions per month.
Commenting on the update, a Verifone spokesman said: “Upon reviewing VeriFone’s portfolio we have confirmed that MWR implemented a sophisticated scenario that is technically feasible on some older systems.
“VeriFone has developed a software update to resolve this issue in deployed systems and has already submitted the code for testing and approval on an expedited basis.”
You can compare credit cards with Propertywide.