Skimming: New Device Adaptable to POS Terminals
- At CanSecWest Vancouver 2011 conference, Italian researchers (INVERSE PATH) announced they discovered a significant security breach likely to make Chip and PIN data retrieval easier for skimming devices during hand-to-hand or ATM transactions. In their opinion these facts should contribute to increase the interest of fraudsters in these methods.
- The research team designed an imperceptible device easily adaptable and powered by either the POS terminal or the ATM. It would then be possible to intercept all exchanges performed using these devices.
- This case shows the interest of standards such as PCI-PED (Pin Entry Device) focusing on the security of payment terminals. In addition to PCI-DSS and PCI PA-DSS standards, manufacturers, developers and merchants must provide and use compliant terminals.
- PCI-PED compliance implies that payment terminals security be ensured when the transactions are being processed, when exchanges between the chip and the terminal are being encrypted and that protection against hacking and ETPOS modification was also set up.