Instead of using mechanical means to steal from debit cardholders, some thieves are using malware to swipe huge numbers of encrypted and unencrypted PINs. It's not yet widespread, but it'll take serious work to prevent.
Basically, when you type your PIN into an ATM, the PIN is encrypted by the bank, only to be decrypted by your own bank, who (hopefully) approves the transaction. That leaves two ways for these thieves to get access to swathes of PINs. First, they can install malware to copy the PINs in the brief time they're decrypted, while they're sitting in a bank's memory cache waiting to be authorized. Banks typically rely on anti-virus software to catch this kind of attack, and resourceful hackers have taken advantage of this inattention. The second way involves a piece of software that tricks the bank's security software into providing the decryption key for the PINs.
No comments:
Post a Comment