New PIN Crackers Make Card Skimmers Look Small-Time

Instead of using mechanical means to steal from debit cardholders, some thieves are using malware to swipe huge numbers of encrypted and unencrypted PINs. It's not yet widespread, but it'll take serious work to prevent.

Basically, when you type your PIN into an ATM, the PIN is encrypted by the bank, only to be decrypted by your own bank, who (hopefully) approves the transaction. That leaves two ways for these thieves to get access to swathes of PINs. First, they can install malware to copy the PINs in the brief time they're decrypted, while they're sitting in a bank's memory cache waiting to be authorised. Banks typically rely on anti-virus software to catch this kind of attack, and resourceful hackers have taken advantage of this inattention. The second way involves a piece of software that tricks the bank's security software into providing the decryption key for the PINs.

This kind of thievery isn't a huge problem yet, but experts are concerned that it may become more prevalent, and the solution may require a fairly extensive overhaul of these security systems. That kind of upgrade costs a lot of money, and we all know that banks are sort of not doing that well these days. Check out the full read, it's a little bit scary and pretty interesting. [Wired]