Tuesday, October 27, 2015

Square Reader credit card hack

Here's one more blog on security issues in honor of Cyber Security Month. This one is on a recent hack that uses the compact Square credit card reader to "skim" credit cards that are swiped.

A malicious seller could use modified Square Reader hardware/software to record a victim's credit card information at the same time as he's swiping it for forward to Square servers for processing. According to researchers at Boston University, it takes about 10 minutes to turn the Square scanner into a skimmer. This hack also allows the skimmer to "record" the swipe for later playback to charge the customer's card later. 

The research was presented at this year's Black Hat security conference. Here are the details, if you're interested – it's a fascinating read: https://www.blackhat.com/docs/us-15/materials/us-15-Mellen-Mobile-Point-Of-Scam-Attacking-The-Square-Reader-wp.pdf 

Square claims that it's the magnetic stripe cards that are the cause of this issue and say that their readers that use chip technology are secure.

My advice: don't hand your credit card over to anyone you don't really trust. Also keep an eye on the transactions on-line or in your monthly statement – and contest the one's you didn't authorize. Finally, if you don't already have one, you should request a chip credit card from your bank or card issuer – they are more secure than the mag strip cards.

No comments:

Post a Comment