Attackers Tamper With Credit Card Scanners To Steal Personal Data

from the bait-and-switch dept

A recently announced vulnerability of Chip and PIN payment terminals in the UK was predicated on the idea that attackers could somehow remove the devices and then replace them with something identical looking that would swipe information off of shoppers’ payment cards. There were a few aspects of the attack that seemed impractical, but perhaps the removal of the machine was not one of them. This week, in Boston, a supermarket chain announced that attackers had stolen data from many of the store’s customers by removing and modifying a few credit card readers. How the attackers got the readers to transmit the data back to them is unclear, as the store is remaining tight-lipped on the technical details of the attack. Of course, it now says that it has locked down all of its readers so as to prevent this from happening again. That seems like an obviously good idea; why is it, though, that these measures like these are only taken after a breach?

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Attackers Tamper With Credit Card Scanners To Steal Personal Data”

Subscribe: RSS Leave a comment
IT says:


Most security measures are only taken after a major theft, take Walmart for instance, where a series of robberies took place in Florida where two men dressed as store employees went through the unattended registers, emptying the larger denomination cash bills into bank bags, moving slowly, looking bored, using keys made for Walmart by NCR. This prompted WM to change the keys to the registers in many of their stores, so that few keys will work between different stores in the chin.

Aliyah says:

No Organization is Perfect

We never had tamper-proof packaging until some idiot decided to put cyanide into Tylenol caplets. I don’t expect a store chain to be able to anticipate every possible security breach before it happens. They would spend too much time and money second-guessing the criminals. It’s easier to fix the damage and make sure that it doesn’t happen the next time.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...