more good news from the financial sector
"
PIN Crackers Nab Holy Grail of Bank Card Security"
The attacks, says Bryan Sartin, director of investigative response for Verizon Business, are behind some of the millions of dollars in fraudulent ATM withdrawals that have occurred around the United States.
"We're seeing entirely new attacks that a year ago were thought to be only academically possible," says Sartin. Verizon Business released a report Wednesday that examines trends in security breaches. "What we see now is people going right to the source ... and stealing the encrypted PIN blocks and using complex ways to un-encrypt the PIN blocks."
This means that the debit card is broken, and any time you buy something, thieves can empty your account. There is nothing you can do to prevent this.
"It's a very difficult challenge to protect against the lazy administrator," says Brian Phelps, director of program services for Thales. "Out of the box, the HSMs come configured in a very secure fashion if customers just deploy them as is. But for many operational reasons, customers choose to alter those default security configurations — supporting legacy applications may be one example — which creates vulnerabilities."
Redesigning the global payment system to eliminate legacy vulnerabilities "would require a mammoth overhaul of virtually every point-of-sale system in the world," he says.
This means that it is impossible to fix.