A possible modus has been discovered regarding the major security upgrade done by banks in the U.S. just recently. (Photo : Reuters)
A possible modus has been discovered regarding the major security upgrade done by banks in the United States just recently. The security upgrade can roll out a chip and use the pin technology. This was an upgrade that expected a great amount of success; however a major flaw has been discovered. It can certainly have a depositor think more while using their PIN.
A team of German security specialists have discovered how to steal payment card data from the terminals without a need for compromised POS hardware or skimmer. SRLabs Karsten Nohl and his team were able to discover the attack using a regular WiFi network. When a Russia Today reporter visited the team to see the firsthand crime, they were not only able to catch the pin, but also create a cloned credit card in minutes.
The error that allowed them to do such attack was also something that can't be patched through software. It is caused by an error in the protocol of the payment terminal once data is transmitted. Apparently, banks have to put more attention to be able to fix the issue.
Fortunately, it's a major attack than cannot affect anyone or his transactions. Unless you are paying in Germany, these terminals won't have to rely on the ZVT protocol. It is also something that one can prevent through certain precautions and standard compliant network designs.
As to why many banks in the US are quite comfortable with such discovery is because the SRLabs attack is only hypothetical. This was a statement made by Stefan Marotzke of the German Association of Savings Banks. He continues the attacks done through the magnetic stripe technology will not transfer to these smart cards. He may have missed out that part of the video where the PIN was stolen by SRLabs.
