Infosecurity Company Finds Potential Vulnerability in Some Credit Card Terminals
MWR Infosecurity, an information security research consultancy, has found vulnerability in older Verifone credit card terminals which allows information stored in the machines to be extracted in a two part operation.
To accomplish the task, a credit card with a modified chip must be swiped at a terminal, after which the payment will be immediately rejected. The initial swipe installs software on the terminal which collects the information on subsequent credit card transactions as the hours or days go by until someone returns to swipe another modified credit card that downloads the collected information onto their card’s chip. All of this happens without the slightest indication that information is being compromised.
A Quick Response
Verifone responded by saying the vulnerability only exists in older terminals and that it has taken steps to upgrade their software to inhibit this scenario. They said they will contact susceptible parties once the upgrade has met their requirements and is ready for distribution.
As payment processing technology evolves rapidly through the next decade, it shouldn’t come as a surprise that advancements will come with a series of vulnerabilities that creative criminals will exploit.