funsec mailing list archives
Re: Hackers prepare (not-so-typical) supermarket sweep
From: Jim Murray <jim () digitaldaemons co uk>
Date: Tue, 02 Sep 2008 22:37:01 +0100
Juha-Matti Laurio wrote:
"Self-checkout systems in UK supermarkets are being targeted by hi-tech criminals with stolen credit card details. A BBC investigation has unearthed a plan hatching online to loot US bank accounts via the checkout systems.
The scam works because US cards don't use 'chip and pin', they rely on the magnetic stripe. The same dodge would work in reverse (ie. a UK card in a US store, as their equipment doesn't handle chip & pin transactions).
Fake credit cards loaded with details from the accounts will be used to get cash or buy high value goods. The supermarkets targeted said there was little chance the fraudsters would make significant gains with their plan.
I'm inclined to agree with that. It'd be difficult to get away with any significant value of goods - even your dumbest store security guard is going to notice the same guy buying high value items repeatedly (they tend to be bulky, security tagged and require staff assistance!). Automatic checkouts in my experience do not generally offer cash.
The thieves claim to have comprehensive details of US credit and debit cards passed to them from an American gang who tapped phone lines between cash machines and banks."
I do hope that is a case of inaccurate reporting. I was under the impression that the links between banks and ATM's were encrypted so 'tapping the lines' really shouldn't get them anything. More likely is 'skimming' the card (copying the magstripe data) either manually by swiping it through an extra reader when the cardholder isn't looking or automatically by sticking a disguised reader on the front of an ATM. Of course, you could always sit outside your local store with a wifi sniffer... There have been reports in the UK of such skimmers being used in conjunction with miniature wireless video cameras to steal card data & PIN's... Jim. -- DigitalDaemons IT Services. --------------------------------------- E-Mail : jim () digitaldaemons co uk PGP Key ID : 0xB7066495 _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Hackers prepare (not-so-typical) supermarket sweep Juha-Matti Laurio (Sep 02)
- Re: Hackers prepare (not-so-typical) supermarket sweep Jim Murray (Sep 02)