An article relating to this blog post on Finextra:
Fraudsters rigging Chip and PIN terminals to steal data - report
Hundreds of Chip and PIN terminals in shops and supermarkets across Europe have been rigged by criminals and used to steal shoppers' card details, according to US national counter-intelligence executi...
Conventional wisdom says that if merchants will just comply with PCI (payment card industry data security standard), then crooks will not steal card data from merchants. Under this wisdom, the US Federal Trade Commission has been punishing merchants like TJX. However, I don't see how PCI compliance would have stopped this POS terminal hack. The terminals showed no external evidence of tampering! Given how sophisticated the crooks are becoming, my suspicion is the credit card system must change entirely, so that it relies much less on protection of secrets like card number + PIN and more on multiple channels of communication with users (e.g., when I use a card, I instantly get a phone text message, to which I must reply). --Ben