While chip and PIN is widely used in Europe, the US has only just started to use the technology.
The concern across the pond is that this makes the US a new target for hackers, according to researchers at the Black Hat conference in Las Vegas.
They demonstrated how hackers were able to use mostly unmodified ATMs to dispense hundreds of dollars, much as real hackers might use the machines.
Tom Beardsley, security manager for Rapid7, who oversaw the hack, said:
About the hack
The story is quite a concerning one as the “hack” was able to get ATMs to spit money out!
Rapid7 disclosed the vulnerabilities behind the hack at the conference to major banks and ATM makers. Specifics were not shared, in order to prevent the same technique being used. Whilst this story stems from the move in the US to use chip and PIN, we should all be concerned, especially since we use it so much over here in the UK.
The hack is a two-stage process…
The criminals first modify the point-of-sale machines by adding a device which sits between the victim's chip and the receptor in the machine where the card is inserted. This device is known as a shimmer.
The shimmer then reads the chip when the card is inserted. It also reads the PIN that is entered, and all of this information is sent to the criminals.
For the second part of the hack, the criminals download the information from the stolen card to a smartphone, which can basically recreate the card in any ATM.
Chip and PIN is meant to be more secure than swiping the magnetic strip, which allowed criminals to copy the information on the card and have unlimited access to it.
Chip and PIN provides only a small window of opportunity, making it harder for the criminals.
The ATM can be instructed to dispense cash constantly, and at any point. This means that criminals could have a vast collection of modified point-of-sale systems that allows them to have a constant stream of cash.