Wired (April 14, 2009)
"Hackers have crossed into new frontiers by devising sophisticated ways to steal large amounts of personal identification numbers, or PINs, protecting credit and debit cards, says an investigator. The attacks involve both unencrypted PINs and encrypted PINs that attackers have found a way to crack, according to the investigator behind a new report looking at the data breaches.
"The attacks, says Bryan Sartin, director of investigative response for Verizon Business, are behind some of the millions of dollars in fraudulent ATM withdrawals that have occurred around the United States...."
The article's a bit on the technical side, but isn't all geekspeak. And, "PIN Crackers..." addresses a very serious problem.
Basically, hackers have gotten more sophisticated in how they author malware - and administrators haven't been keeping up.
I'd recommend reading the whole article, just to keep up to date.
Just the Lemming's opinion, but: I think this problem doesn't have a strictly technical solution. Right now, the Internet's a bit like a frontier: largely wild, unpatrolled, territory where law doesn't extend much beyond where a local sheriff can see.
There are advantages to that - the Internet is one of the very few places where people with unsanctioned ideas can publish. But there are also disadvantages: like this PIN situation.
I think that it may be another thirty years, at least, before several things come together to make a solution possible:
- People who have grown up with the Internet, and understand it to some extent, are old enough to be in positions of authority and responsibility in business and government
- Enough countries are sufficiently connected to the Internet - and have political leaders who are not afraid of its citizens