by ufmace 4640 days ago
Sounds like it depends more on how sophisticated the readers are. The current ones are apparently pretty dumb, and just pretend to be a PS2 keyboard and send the info as keypresses, since the guys in the article just used an off-the-shelf keylogger to steal the data. You could easily make a chip and pin pad that did the same thing and was just as easy to compromise.

For real security, you'd need to do something like have the reader internally encrypt the data with the card processor's public key and only send an encrypted blob out of the device. If you're doing that, then anything's secure against this kind of attack. But the readers would have to cost like 10x more, and it probably isn't enough of a problem to bother replacing them all.