Roland Turner

about | contact

Pay-at-the-Pump Skimming

This is peculiar. If true, it indicates some surprisingly careless security engineering.

Decades ago I worked with Unisys EFTPOS terminals (the type you see at supermarket checkouts). These were of a type which had the PIN-entry keypad on the end of a cable, while the card slot was in the main body of the unit. A perceived risk was that someone could tamper with the unit and install sniffing hardware/software to learn the user’s PIN. To thwart this, the keypads included a DES key stored in supercap-backed-SRAM for encrypting the PIN before it ever left the keypad (the main body of the unit did not have this key; the computer inside it never had access to the plaintext PIN) and a tamper switch in the keypad which would short out the SRAM’s power pins the instant the keypad’s case was opened, thereby destroying its copy of the DES key and rendering the keypad permanently useless if opened.

It would seem that the same approach could readily be applied to terminals embedded in gasoline/petrol pumps; the card-scanner and/or PIN keypad should be in sealed units which are rendered permanently inoperative (by instantly losing/destroying a stored key) if opened.

Naturally, this is just one of dozens of vulnerabilities that such a device has; decisions about which counter-measures to employ are always about trade-offs. Nonetheless, this seems an odd choice.