In a recent interview with the UK’s Daily Telegraph, Dr Joel Brenner, the US National Counterintelligence Executive, warned that hundreds of chip and pin machines in stores and supermarkets across Europe have been tampered with to allow details of shoppers’ credit card accounts to be relayed to overseas fraudsters.

Criminal gangs have allegedly doctored chip and PIN machines either during manufacturing in China or shortly after leaving the production line, in order to collect shopper credit card account details then transmit it overseas. The devices were then expertly resealed and exported to Britain, Ireland, the Netherlands, Denmark, and Belgium.

The counterintelligence chief is quoted as saying: “Previously only a nation state’s intelligence service would have been capable of pulling off this type of operation. It’s scary.”

Hundreds of devices have been copying credit and debit card details over the past nine months and sending the data by way of mobile phone networks to hackers in Lahore, Pakistan, The Telegraph report alleges. MasterCard first uncovered the plot at the start of the year after detecting suspicious charges to British and other European accounts.

The scam is believed to have resulted in the loss of tens of millions of pounds by criminals creating cloned cards, making phone or internet transactions, or withdrawing cash from the account. Thieves typically wait at least two months before using the stolen data in order to make it harder for investigators to determine what happened, says the report.

According to one commentator on the site, who apparently worked for the government of a certain OECD nation, security services had also discovered that Chinese made mobile phones could be switched on remotely and used as eavesdropping devices in meetings etc.  “To hear that EFTPOS equipment is also hacked surprises me not one iota,” he writes.

Filed under: Banking Secrets by editor Date 11 October, 2008