A team of security researchers in Germany found, that any card data may be stolen right off the terminals designed to protect it. This risk can not be easily fixed. Not only customers but shops can find this technology turned against them.
The German researchers has discovered a way to steal payment card data from terminals without the need for a skimmer or POS hardware that’s been compromised. The researchers were able to do it over an ordinary WiFi network. When a Russia Today reporter paid the team a visit to see the attack firsthand they were able not only to capture his PIN but also produce a cloned credit card within minutes.
The flaw that allows them to pull off their attacks isn’t something that can be easily patched in software. It’s a shortcoming in the protocol used by the payment terminal when it transmits data, and apparently banks aren’t exactly falling over themselves to figure out a fix.
That hack can affect you if you’re shopping in Germany, the terminals you’re making payments on don’t rely on the ZVT protocol. Banks are acknoledged of this problem but are reluctant to react to it.