German code-breakers have found a new flaw in German payment terminals, specifically for credit cards, that allegedly allows hackers to swiftly and quietly uncover credit card PINs and magnetic stripe data.
The attack obviously affects consumers who stand to have their credit card data stolen, but also retailers, and the banks that will be responsible for issuing refunds in the event of credit card fraud.
Perhaps the worst part is how seemingly easy and safe it is for hackers to employ — once you’ve figured out the methodology, the attack can be carried out wirelessly, as long as you’re connected to the same wireless network.
While the attack has only been tested in Germany, it has been speculated that it could affect systems in other European countries.
Finding vulnerabilities in payment terminals is nothing new. This case is special for two reasons — firstly, it’s a core problem in the protocol itself, one that can’t be fixed with a simple patch or version update. Fixing the issue will require an overhaul of the entire system.
Secondly, and perhaps more troubling, is the fact that while many banks have acknowledged the issue, they are reluctant to react to it.
And in case you’re wondering how urgent the issue is, the same experts who uncovered the vulnerability estimate that a criminal organisation could probably reproduce the attack within a couple of months.
So What Now?
It would be excellent if the banks would take this threat seriously, and begin the overhaul process they so desperately need. When it comes to data security, prevention is undoubtedly better (and cheaper) than cure.
For German consumers on the verge of a freak-out: the good news is, the way to stay safe is to keep doing exactly what you should be doing at all times — keeping a watchful eye on your transaction history.
Credit card companies will void all fraudulent transactions found on your cards, but you have a personal responsibility to spot them yourself.