Chip and pin hack exposed

Found on The Inquirer on Sunday, 07 May 2006

Big oil company Shell suspended chip-and-pin payments at 600 petrol stations in the UK after it discovered that customers' accounts had leaked around £1 million.

According to our source, a team of shysters has been turning up at petrol stations posing as engineers and taking the Trintech Smart5000 Chip and Pin units away for repair. They have then bypassed the anti-tamper mechanisms and inserted their own card skimmer.

The hoods then return the unit, again posing as an engineer. Once the units begin collecting card details these are sent abroad and used to withdraw cash.

To get around the anti-tamper mechanisms, the fraudsters might have had access to a reset program that would allow them to reset the alarm or they were able to engineer their way round it by using different parts from previous versions of the Smart5000 unit. "Either way," said our mole, "they were very clever."

Social engineering will get you almost everywhere and everything.

Browse all articles« Previous « » Next »