The corrupted devices are an extra three to four ounces heavier because of the additional parts they contain, and the simplest way to identify them has been to weigh them. A MasterCard International investigator said: "As recently as a month ago, there were several teams of people roaming around Europe putting the machines on scales and weighing them. It sounds kind of old school, but the only other way would be to tear them apart."
The illicit transactions took place at least two months after the information had been stolen, making it difficult for investigators to work out what had happened.
But after six months of fruitless investigation, investigators spotted an attempt at a similar fraud on a card which had only been used in one location in Britain. The chip and pin machine from the particular store was passed to MasterCard's international fraud lab in Manchester for inspection.There has been no announcement of anybody having been arrested, and the criminals got away with a tidy profit, so one can probably chalk this down as a success for the criminals, and a serious failure of security (for one, the chip-and-pin protocols governing communication between the chip on the card, the reader and the network seems to be too weak by far if they allow a card to be cloned; shouldn't the system be using some form of challenge-response security rather than handing all the information over in one go)?
Please keep comments on topic and to the point. Inappropriate comments may be deleted.
Note that markup is stripped from comments; URLs will be automatically converted into links.