RSA 2009: Fake chip and PIN readers hit UK

credit card lock

A security researcher has warned people to beware of fake chip and PIN readers swapped for real devices in the UK and around the world.

Uri Rivner, head of new technologies at RSA, said that criminals were stealing credit card data using fake Point of Sale (POS) devices.

RSA had also seen a new business model for the crime, where the suppliers of the readers and those using them against customers would both get a cut of the profits.

The fraudster at the POS would get one of the card readers subsidised from a criminal supplier, and swap it for a real device at the targeted store or restaurant in question. When a real customer swiped the card, the reader would work exactly as you would expect a real chip and PIN device to behave.

Speaking at RSA Conference Rivner said: "When a real customer swipes a card it will be like everything is okay. All of the cards will actually work, but all of that information will go to a web server. The mothership where all of this data is collected."

The operators would also have the chance to earn money from the fraud, as they would keep about 30 per cent of the credit card data.

"It's not phishing, it's not trojans it's very physical," said Rivner. "But on the other hand it's a very new business model where information resides over the internet."