A protocol flaw has been discovered that could allow criminals to use a genuine chip-and-PIN card to make a payment without knowing the card’s PIN. The vulnerability allows fraudsters to remain undetected even when the merchant bank has an online connection to the banking network.
Eli Jellenç, head of international cyber intelligence at iDefense, comments, “A group of researchers from Cambridge University’s Computer Laboratory found a simple method of compromising the EMV protocol (better known as the chip-and-PIN system) to process debit transactions without the correct cardholder’s PIN. The man-in-the-middle attack allows fraudsters to insert a device between the stolen card and the terminal, which tricks the terminal into believing it correctly verified the PIN. In fact, the fraudster can enter any PIN, and the software will tell the terminal that the system has verified the PIN and accepted the transaction with a ‘Verified by PIN’ signature.”
Normally, a consumer inserts the payment card and enters the PIN, and the terminal continues the transaction only if it receives a response from the card indicating that the PIN was entered correctly. The Cambridge researchers’ attack scenario places an electronic device between card and terminal as a man-in-the-middle; the device answers the terminal’s PIN check with a success response of its own, so the terminal proceeds as if the PIN were correct while the card’s genuine PIN-verification response is never consulted.
The PoS terminal will print a receipt stating “Verified by PIN”, and the bank’s records will show that the terminal received a correct PIN. Victims of this attack may find it difficult to obtain a refund from their bank, since the payment system has authenticated the transaction and nothing in the records points to a fraudulent device.
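The weak point the article describes is that the terminal’s view (“Verified by PIN”) and the card’s view (no PIN was ever checked) disagree, yet nothing reconciles them. The following is an added example, not code from the article or from the Cambridge researchers: a deliberately simplified model of the two reports and of the issuer-side consistency check that would expose the discrepancy. It is not real EMV command traffic; the field names `TerminalReport` and `CardReport` are constructed stand-ins, modelled loosely on the terminal’s CVM Results and on the card-verification results a card can carry in its Issuer Application Data, and the assumption is that both reach the issuer with the online authorisation request.

```python
"""Added example (not the article's or the researchers' code).

Toy model of chip-and-PIN cardholder verification with two independent
reports reaching the issuer: what the terminal says happened and what the
card itself recorded.  Field names are constructed for illustration and are
NOT real EMV tags or APDUs.
"""
from dataclasses import dataclass


@dataclass
class TerminalReport:
    """Terminal's account of cardholder verification (assumed sent online)."""
    cvm_method: str    # "OFFLINE_PIN", "SIGNATURE" or "NO_CVM"
    cvm_success: bool  # terminal believes the chosen method succeeded


@dataclass
class CardReport:
    """Card's own record, assumed to be covered by its transaction cryptogram."""
    pin_verified_by_card: bool


class Card:
    """Toy card: knows its PIN and remembers whether it actually verified one."""

    def __init__(self, pin: str) -> None:
        self._pin = pin
        self.pin_verified_by_card = False

    def verify_pin(self, candidate: str) -> bool:
        # The card only sets this flag when a PIN is really presented to it.
        self.pin_verified_by_card = (candidate == self._pin)
        return self.pin_verified_by_card

    def cryptogram_data(self) -> CardReport:
        return CardReport(self.pin_verified_by_card)


def honest_transaction(card: Card, entered_pin: str):
    """Normal flow: the entered PIN reaches the card; both reports agree."""
    ok = card.verify_pin(entered_pin)
    return TerminalReport("OFFLINE_PIN", ok), card.cryptogram_data()


def relayed_transaction(card: Card):
    """The condition the article describes: the terminal is told the PIN
    verified, but the card never received a PIN and so never verified one."""
    return TerminalReport("OFFLINE_PIN", True), card.cryptogram_data()


def issuer_decision(terminal: TerminalReport, card: CardReport) -> str:
    """Issuer-side check: the terminal's and the card's accounts must match.

    A receipt saying 'Verified by PIN' is only trustworthy if the card
    itself recorded a successful PIN verification.
    """
    if terminal.cvm_method == "OFFLINE_PIN":
        if not terminal.cvm_success:
            return "DECLINE_PIN_FAILED"
        if not card.pin_verified_by_card:
            # Terminal claims PIN success, card says no PIN was verified.
            return "DECLINE_CVM_MISMATCH"
    return "APPROVE"


if __name__ == "__main__":
    print(issuer_decision(*honest_transaction(Card("1234"), "1234")))  # APPROVE
    print(issuer_decision(*honest_transaction(Card("1234"), "0000")))  # DECLINE_PIN_FAILED
    print(issuer_decision(*relayed_transaction(Card("1234"))))          # DECLINE_CVM_MISMATCH
```

The point of the model is the last branch of `issuer_decision`: an online connection alone does not catch the fraud, because the terminal’s report is internally consistent; only cross-checking it against what the card itself recorded reveals that no PIN was verified.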
Eli Jellenç continues, “If criminals were able to exploit this type of scam, banks would find themselves dealing with a wealth of complaints from angry customers. It could be hard to discover the extent of the problem, as their machines would display only a number of seemingly approved chip-and-PIN transactions. Financial institutions could proffer the opinion that if their customers’ cards were compromised they must have been careless with their PINs, potentially leading to a game of tug-of-war between bank and consumer.”
This demonstrates yet another sophisticated method of defrauding consumers, and one that would be easy for fraudsters to put into practice.