The banking industry spends a lot of effort, time, and money to protect bank cards. For years, their protection consisted of embossed digits and a signature field, but now smart chips and one-time passwords stand guard between your money and the criminals who want it.<\/p>\n
The new chip and PIN cards (an EMV standard<\/a>) promised greater security than simple magnetic stripe cards, but no sooner were they deployed than criminals tried to break their protection. Fortunately, criminals are not the only ones testing them; security experts also investigate the systems. Company researchers probe for vulnerabilities in the equipment and architecture of payment systems, trying to find them and warn developers so that they can patch holes before criminals find a way in.<\/p>\n The researchers\u2019 Black Hat presentation offered cause for both hope and anxiety: Yes, criminals can<\/em> steal money from chip cards \u2014 but people are not helpless to protect themselves. Two employees of NCR Corp., a company that develops payment terminals and ATMs, presented<\/a> an attack at payment terminals commonly used in stores and gas stations. Using small and cheap Raspberry Pi computer, they inserted themselves into the communication between the store\u2019s main computer (roughly speaking, the cash register) and the payment module (roughly speaking, the PIN pad). <\/p>\n In general, communication between these two systems has to be properly encrypted, but in many cases, the terminal is set up to use weak encryption. As a result, criminals can carry out man-in-the-middle<\/a> attacks: They intercept communication data between the payment module and the main computer and decrypt it. <\/p>\n Unfortunately two-factor authentication can't save you from #banking<\/a> Trojans https:\/\/t.co\/dEKfOWPaXo<\/a> #mobile<\/a> pic.twitter.com\/hRP7WnTNmS<\/a><\/p>\n \u2014 Kaspersky (@kaspersky) March 11, 2016<\/a><\/p><\/blockquote>\n\n