Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
EMV
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
==== Successful attacks ==== Conversation capturing is a form of attack which was reported to have taken place against [[Royal Dutch Shell|Shell]] terminals in May 2006, when they were forced to disable all EMV authentication in their petrol stations after more than Β£1 million was stolen from customers.<ref>{{cite news |url=http://news.bbc.co.uk/2/hi/uk_news/england/4980190.stm |title=Petrol firm suspends chip-and-pin |work=BBC News |date=6 May 2006 |access-date=13 March 2015}}</ref> In October 2008, it was reported that hundreds of EMV card readers intended for use in Britain, Ireland, the Netherlands, Denmark, and Belgium had been tampered with in China during or shortly after manufacture. For nine months, details and PINs of credit and debit cards were sent over mobile phone networks to criminals in [[Lahore]], Pakistan. United States National Counterintelligence Executive Joel Brenner said, "Previously only a nation state's intelligence agency would have been capable of pulling off this type of operation. It's scary." Stolen data was typically used a couple of months after the card transactions to make it harder for investigators to pin down the vulnerability. After the fraud was discovered it was found that tampered-with terminals could be identified as the additional circuitry increased their weight by about 100 grams. Tens of millions of pounds are believed to have been stolen.<ref>{{cite news |title=Organized crime tampers with European card swipe devices |publisher=The Register |date=10 October 2008 |url=https://www.theregister.co.uk/2008/10/10/organized_crime_doctors_chip_and_pin_machines/}}</ref> This vulnerability spurred efforts to implement better control of POS devices over their entire lifecycle, a practice endorsed by electronic payment security standards like those being developed by the Secure POS Vendor Alliance (SPVA).<ref>{{cite web|title=Technical Working Groups, Secure POS Vendor Alliance |year=2009 |url=http://www.spva.org/technicalWorking.aspx/ |url-status=dead |archive-url=https://web.archive.org/web/20100415180123/http://www.spva.org/technicalWorking.aspx |archive-date=15 April 2010 }}</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)