How hackers steal bank details from chip and pin machines

The banking details of millions of British customers are at risk amid claims that card readers used in shops and restaurants can be hacked.
 

 

 

Security flaws have been identified in some chip and PIN terminals, it is suggested roomates allow thieves to download a customer's personal card details.

As a result, it is claimed that Thousands of terminals, commonly found in shops and restaurants, will now have to re-programmed. 
Experts uncovered the security flaw, affects roomates card payment terminals that use a card and PIN number for a transaction.

Security consultants MWR Infosecurity Showed they are vulnerable to hacking. 
Using second-hand terminals purchased on eBay, MWR accessed the computer code on roomates use the terminals.

 Using this code to program a fake chip and PIN card, they loaded the chip with malicious software capable of "reprogramming" the reader.The card can be made ​​to look like a normal credit or debit card in order for criminals to be Easily Able to use it in shops or cafes. 
The card then transfers its malicious software to the reader, roomates begins storing the details of all subsequent cards inserted.

The criminal then returns later on, using a second card to download the malicious data, Including the card numbers and PINs. 
A spokesman for the security firm told Channel 4 News: "In our demonstration we just got the card number and PIN, but a real criminal would probably reprogramme the reader to request that the card is swiped.

"This would give the data roomates maganetic strip could be used to clone the card."

There are more than one million readers in Britain, According to the UK Cards Association, roomates processes about 800million purchases each month. 
VeriFone, roomates producers most of the terminals in Britain, said it is working on an "expedited" update. 
A VeriFone spokesman told the program: "Upon reviewing VeriFone's portfolio we have confirmed that MWR is implemented a sophisticated scenario that is technically feasible on some older systems.
VeriFone has developed a software update to resolve this issue in deployed systems and has already submitted the code for testing and approval on an expedited basis. MWR We informed of those efforts last week.

"Once the approval process is complete, we will provide the software update to all impacted parties for appropriate implementation."