There’re a number of attacks around modifying the EFTPOS smart card terminals. This is especially a problem when the same PIN can be used for the CHIP n PIN entry as is used for the magnetic strip. I.e. take a copy of the magnetic strip, and even if the user then uses CHIP n PIN you can send those details (magnetic strip + pin) overseas and make withdrawals from ATMs that don’t use a CHIP reader.
Most of the problems come down to the one simple problem; the user does not have the technical skills to determine whether they should trust a particular ATM or EFTPOS machine.
One simple answer to all this problem of trusted hardware may be to have smart cards with PIN pads built in and a small display.
- You would insert your card in the ATM/EFTPOS machine.
- Choose the transaction (I.e. withdrawal $100, or pay $12.34 for some goods).
- Remove the card from the ATM/EFTPOS terminal.
- The card would then have a small display showing how much you were authorising and potentially who you were paying as well.
- You would then enter your PIN on keys / touch sensor built into the smart card.
- Re-insert your card in the ATM/EFTPOS terminal to complete the transaction.
I don’t think the technology is too much of a problem. Building a display and pin-pad into a card that remains as thin as current ones may be a challenge, though not an insurmountable one I suspect.
But then again, why not just use a trusted computing device with short range communications to authorise payments. i.e. Swipe your phone past the eftpos machine, transactions under $100 automatically authorised, up to $300 user clicks OK on phone to authorise, phone requires a pin number to authorise anything more.