New security problem for credit and debit cards

(MoneyWatch) COMMENTARY Make purchases using a debit or credit card and one of those keyboards the clerk hands you? You might want to be a bit more wary, according to U.K. security consulting company MWR InfoSecurity. The firm warns that the so-called PIN pads are putting many consumers at risk.

MWR InfoSecurity researchers say they've discovered that the devices aren't secure. According to a press release from the firm, criminals can use specially-created fake cards that introduce codes to give complete access to card numbers and passwords, as well as retailer card networks.

Once one of these fake cards hacks the system, criminals can harvest all the legitimate card information that comes afterward by getting into the retailer's network through the Internet, or just by showing up again and running the same card to collect the data.

It wouldn't be the first time that criminals attacked the devices. Organized criminal gangs were suspected to have tampered with hundreds of machines used in Europe in 2008, either while the devices were being built in China or shortly after. The criminals were able to successfully steal tens of millions of dollars.

According to the firm, manufacturers have been in such a rush to bring new products to market, they have made security a low priority. The devices are particularly vulnerable when on a Wi-Fi network.

MWR InfoSecurity says that it has contacted the vendors of these systems, but is unable at the time being to make additional public statements to avoid giving criminals more insights. The kicker is that any such breach would be difficult to detect, according to the security firm.

Given the nature of the problem, there is nothing consumers can do to protect their information other than not use their cards if merchant card readers have attached pin pads and to monitor their card or bank activity for unauthorized use.