An article relating to this blog post on Finextra:
Fraudsters rigging Chip and PIN terminals to steal data - report
Hundreds of Chip and PIN terminals in shops and supermarkets across Europe have been rigged by criminals and used to steal shoppers' card details, according to US national counter-intelligence executi...
See article
I can see how lifting account details from a terminal device can help an attacker take over a bank account via conventional channels, but I am not sure that this is an attack on the
Chip and PIN system is it? I assume that the attackers are not able to clone any smartcards using the stolen data (because of the fundamental security measures in the chips, which for one thing include secret cryptgraphic codes that are not revealed
to the terminals).
Can anyone shed more light on what is actually achieved by these attacks?
And why wouldn't these organised attackers -- so organised they can interfere with the design and manufacture of terminal devices in the factory -- target magnetic stripe devices, as still used in the US? That would lead to wholesale cloning of cards on
a gigantic scale not possible with Chip and PIN.
Stephen Wilson, Lockstep.