Friday, May 2, 2008

PIN Debit Meets the Web is DTN Cover Story

Digital Transaction News Cover Story for the month of May is "PIN Debit Meets the Web".

I'll have more on this later in the day, but if you'd like to read the article in it's entirety, you can either subscribe to Digital Transaction News for Free by clicking here


You can download the entire May Issue of Digital Transaction News in Adobe PDF format by clicking here.

I've been a subscriber since for a couple years now and it's a great publication, I would highly recommend subscribing.

Supermarket ATM/Card Reader Rigged with Illicit Scanner

Some shoppers at a supermarket in Los Gatos, Calif., got more than they bargained for in the past week: Over 100 have become victims of identity theft after the debit- and credit-card reader at the checkout was rigged to siphon off their debit- and credit-card information.

The perpetrators used the card information and PIN numbers to churn out cloned cards, which then were used to withdraw cash from the victims’ accounts and to incur fraudulent charges on their credit cards. The customers of the Lunardi’s grocery store in Los Gatos have been reporting cases of identity theft to authorities since last Sunday evening, and reportedly have been losing an average of $1,000 from their bank accounts, according to a published report .

"What we have here is more than one person -- they've been able to get in there (Lunardi's) and switch out the ATM card reader," said Los Gatos-Monte Sereno police Sgt. Tam McCarty in an article in the San Jose Mercury News. "Once they've done that, they can read the card and PIN numbers and either make a temporary card or sell the numbers over the phone."

It’s unclear so far whether the scam was perpetrated by an outside criminal or was an inside job. The Lunardi’s supermarket has since replaced its old ATM card readers with new ones that lock to prevent tampering.

Scanner tampering has long been a subject of concern for security researchers, who have demonstrated the ease of ATM machine hacks, as well as of smart card scanners for physical security.

The stolen card account incident at Lunardi’s follows a similar one in Los Altos in March at an Arco gas station’s payment machine.

Rob Enderle, president of Enderle Consulting, says this is yet another type of card-scanning scam. “It speaks strongly for the need for strong multifactor authentication over anything dealing with confidential data, particularly financial data
“Attacks like this are likely to spread ,and it is relatively easy to search on the Web and find the parts you need to build one of these things," Enderle says. "I’ll bet there are sites in Eastern Europe where you can order the entire solution custom designed for the attack a criminal wants to make."

Disqus for ePayment News