WO2009103136A2 - Method and equipment for indicating tampering of a card reading terminal - Google Patents
- Publication number
- WO2009103136A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- terminal
- terminals
- voltage
- equipment
- adulteration
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
- G06F21/83—Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
- G06F21/85—Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/86—Secure or tamper-resistant housings
Definitions
- the present invention refers to the field of cards used to effect payments in commercial establishments and similar businesses, and refers more particularly to reading and password input terminals used in association with the said cards.
- debit and credit cards constitute almost universal means to effect payments, due to the advantages afforded thereby over other means, such as currency or checks.
- debit cards represent a secure means for conducting financial transactions, since the transfer of amounts between the accounts of the payer and the beneficiary is practically instantaneous.
- the information carried in the cards is recorded in a magnetic strip or in an embedded chip, and such information relates to the card holder, the bank account number, the bank or financial institution where the card holder has an account, the term of validity of the card, etc.
- the use of the card for financial transactions comprises the reading of the magnetic strip by the equipment and the typing of the password in a numeric keypad by the card holder.
- This data is transmitted through a data communication line (usually by means of a dial-up connection) to the financial institutions involved in the transaction, and there is issued a receipt confirming the transfer.
- One of the manners of defrauding these systems consists in the use of a device known by the designation of skimmer, which stores the data of the terminal users that utilize the same to effect payments.
- the same are provided with security means such as normally closed contacts which open if the cover is removed, erasing the application software and the cryptographic key installed in the terminal.
- the defrauder is able to close the said contacts permanently (by soldering, for example), in order to preserve the normal operation of the terminal even after the same has been opened. After installation of the skimmer the holes are concealed or obstructed such that they might not be noticed in a perfunctory examination.
- the defrauder makes the alterations in the apparatus, such alterations consisting in the installation of a data pickup unit to capture the data of each transaction, including, in addition to the skimmer, a microcontroller and a high capacity memory.
- the skimmer is connected in parallel with the magnetic strip reader, in order to extract the card identification data contained in the strip.
- the defrauder maps each point of the keypad, by means of connections between the key contacts and the said pickup unit, to thereby store the user password together with the data extracted during the readout of the strip.
- the next phase of the fraud which consists in extracting the data stored in the memory.
- extraction can be conducted at the establishment itself, using normally unused contacts of the terminal's output connector, and connecting thereto a suitably programmed processor - for example, a notebook computer - and using a password that releases the access to the information recorded in the memory.
- the information obtained by means of the above mentioned fraud is then used for cloning credit cards and, more often, debit cards.
- a first object of the invention consists in detecting the presence of a defrauding device installed in a terminal.
- One other object of the invention consists in providing means to effect such detection without the need of gaining access to the inside of the terminal by removing the cover thereof.
- One further object of the invention consists in the provision of means that may be adapted to terminals of various origins.
- the said alterations consist in the change of the original electrical characteristics of the communication connectors of the terminals.
- the said alterations consist in the change of the voltage value present in certain contacts of the said connectors.
- the said alterations consist in the change of the impedance value between certain contacts of the said connectors.
- the said alterations consist in the presence of an electrical voltage between contacts between which there is normally no difference of voltage.
- the said alterations consist in an alteration of the voltage present between certain contacts of the said connectors.
- the said alterations consist in a consumption of energy outside of the ranges of normal consumption of the said terminals.
- the said alterations comprise an impedance value outside of the range of normal values of the said terminals, when measured between the points used to supply power to the terminal.
- the said alterations consist in the change of the value of the electrical current in certain contacts.
- the said alterations comprise the occurrence of a transient with characteristics different from that which normally occurs when the terminal is powered up.
- the equipment used comprises circuits that provide a luminous indication of the existence of adulteration in the terminals.
- the said equipment is coupled to one of the external connectors of the terminal being tested, where the said luminous indication occurs when the voltages present in certain pins of the said connectors show values different from those presented in original unadulterated terminals.
- the said equipment comprises serial circuits including a light emitting diode (LED) intercalated between the said certain pins, where the lighting of the said LED indicates the presence of a difference of voltage between pins, while there is no such difference of voltage between those pins in the genuine terminals.
- the said equipment comprises a device that prevents the flow of current through a LED when the voltage between the said certain pins is lower than the value existing in the genuine terminals.
- Figure 1 is an electrical blueprint diagram of the equipment used to detect adulterations in terminal model i5100 of the manufacturer Ingenico.
- Figure 2 is an electrical blueprint diagram of the equipment used to detect adulterations in terminal model i3500 of the manufacturer Ingenico.
- Figure 3 is an electrical blueprint diagram of the equipment used to detect adulterations in terminal model Nurit 8320 of the manufacturer Verifone.
- Figure 4 is an electrical blueprint diagram of an alternative version of the equipment shown in the preceding figure.
- the identification of adulteration in the terminals is carried out by detecting a voltage in contacts between which there is normally no difference of voltage.
- this voltage difference is apparent between contacts nos. 1 and 4 of the RS232-1 external connector.
- the detector equipment comprises a male connector 10 that plugs into the terminal's RS232-1 communication connector, the said connector being connected by way of an eight-conductor cable 11 to the detector equipment itself 12. Inside the latter there is provided a serial circuit formed by a 47-ohm resistor 14 provided in series with a LED 15, intercalated between contacts nos. 1 and 4.
- the presence of a difference of voltage between the contacts nos. 1 and 4 of the RS-232 connector is transferred to the detector equipment, causing a current to flow across the resistor 14 and the LED, which will light up to indicate the existence of adulteration in the terminal.
- detector 24 depicted in Figure 2 which identifies alterations in the external connector of the PinPad terminal model i3500 of the manufacturer Ingenico.
- the detector is intercalated between the RJ45-type jack 28d, which connects to the original feed cable connected to the cash register, and the female RJ45 connector 21 of the PinPad i3500 (not shown).
- the connector 21 is mounted on the first end of an eight-conductor cable 22, in which second end there is mounted a male RJ45 connector 23, which couples to the input connector 25 of the detector equipment 24.
- the pins 2 and 3 of this latter connector are connected, by means of the said cable, to the pins with the same numbering of the PinPad connector 21.
- these pins are connected to the pickup unit in order to provide an access through which the defrauder will extract the stored data. Due to this connection, there is a voltage difference between pins nos. 2 and 3 of the external connector 21 of the PinPad terminal. This voltage difference is transferred to the detector equipment and activates the LED 27, indicating the presence of adulteration in the terminal.
- In Figure 3 there is illustrated a blueprint diagram of a detector that indicates the existence of the pickup unit installed in a terminal of the type described.
- the voltage between pins nos. 1 and 3 of the external connector intended for connection with a PinPad is of the order of 16 Volts. In an adulterated terminal, this voltage has a substantially lesser value, which may be as low as 5 Volts.
- the detector circuit comprises, in addition to the LED 38 and the resistor 37 connected in series, a voltage regulator 34 also connected in series with the mentioned components, forming a serial arrangement between pins nos. 1 and 3 of connectors 31 and 33.
- In normal conditions, that is, with a voltage in the order of 16 Volts between the said pins, the voltage regulator operates normally, supplying sufficient power to light up the LED 38. In case of a lower voltage between the said contacts, the regulator ceases to operate and the LED 38 does not light up, which indicates the existence of adulteration in the terminal due to the installation of a pickup means.
- the voltage regulator integrated circuit may be substituted with a component or a set of components that block the flow of current when the voltage between the monitored contacts falls below its normal value.
- Figure 4 illustrates an alternative version of this circuit, where the voltage regulator L7805 was substituted with a Zener diode 39 with a voltage conduction value of the order of 16 Volts. Should the voltage between contacts nos. 1 and 3 be lower than this value - for example, 10 Volts - the Zener will cease to conduct and the LED will remain unlighted.
- the detection can be carried out by monitoring the current transient that occurs upon applying power to the terminal.
- the characteristics of the power-up transient such as the current intensity peak, the duration thereof, its shape, etc.
- this survey there will be determined the range of values deemed normal, such that the detection of values outside of that range - for example, of current peak - will indicate the existence of adulteration in the terminal.
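
An added example, not part of the patent text, of the power-up transient screening described in the last three items: it derives the normal range of current peak and transient duration from traces of known-good terminals and flags a terminal that falls outside that range. The traces, sampling interval, margin and function names are constructed assumptions, and the shape of the transient is not modelled.

```python
from statistics import mean

SAMPLE_PERIOD_MS = 1.0  # assumed sampling interval of the bench current probe


def transient_features(trace_ma, settle_fraction=0.05):
    """Return (peak_mA, duration_ms) of the inrush transient in a current trace.

    Steady state is the mean of the last quarter of the trace; the transient
    lasts while the current exceeds steady state by more than settle_fraction
    of the peak excursion.
    """
    steady = mean(trace_ma[-max(1, len(trace_ma) // 4):])
    peak = max(trace_ma)
    threshold = steady + settle_fraction * (peak - steady)
    above = [i for i, v in enumerate(trace_ma) if v > threshold]
    duration = (above[-1] - above[0] + 1) * SAMPLE_PERIOD_MS if above else 0.0
    return peak, duration


def normal_ranges(reference_traces, margin=0.10):
    """Survey known-good terminals and return the accepted range per feature."""
    feats = [transient_features(t) for t in reference_traces]
    ranges = {}
    for idx, name in enumerate(("peak_mA", "duration_ms")):
        values = [f[idx] for f in feats]
        ranges[name] = (min(values) * (1 - margin), max(values) * (1 + margin))
    return ranges


def screen(trace_ma, ranges):
    """Return a list of out-of-range findings; an empty list means 'normal'."""
    peak, duration = transient_features(trace_ma)
    findings = []
    for name, value in (("peak_mA", peak), ("duration_ms", duration)):
        lo, hi = ranges[name]
        if not lo <= value <= hi:
            findings.append(f"{name}={value:g} outside {lo:g}..{hi:g}")
    return findings


def make_trace(peak, decay_samples, steady=100.0, length=40):
    """Constructed trace: linear decay from peak to steady-state current (mA)."""
    ramp = [peak - (peak - steady) * i / decay_samples for i in range(decay_samples)]
    return ramp + [steady] * (length - decay_samples)


# Constructed survey of genuine terminals and one terminal carrying extra load.
GENUINE = [make_trace(600, 10), make_trace(620, 11), make_trace(590, 10)]
SUSPECT = make_trace(780, 18)
RANGES = normal_ranges(GENUINE)

if __name__ == "__main__":
    print("ranges:", RANGES)
    print("suspect:", screen(SUSPECT, RANGES) or "normal")
```

The survey has to be repeated per terminal model and supply, since the accepted range is only meaningful against traces taken under the same conditions.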
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Details Of Connecting Devices For Male And Female Coupling (AREA)
- Storage Device Security (AREA)
- Medical Treatment And Welfare Office Work (AREA)
- Cash Registers Or Receiving Machines (AREA)
Abstract
The invention relates to a method and equipment for indicating tampering in a card reading terminal of the POS or PinPad type, based on the identification of changes in the electrical characteristics of the terminal. Such tampering consists of the fraudulent installation, inside the terminal, of a pickup device that stores the information and passwords of the cards processed by the terminal, this data later being used for card cloning. The said electrical characteristics include, among others, changes in the voltage values measured between certain pins of the terminal's external connector, the said changes being the consequence of the fraudulent installation of the said device. The equipment indicates the presence of the pickup device by activating an indicator light, such as an LED.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
BRPI0800254 BRPI0800254A2 (pt) | 2008-02-21 | 2008-02-21 | Method and equipment for indicating tampering in a card reading terminal |
BRPI0800254-1 | 2008-02-21 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2009103136A2 (fr) | 2009-08-27 |
WO2009103136A3 (fr) | 2009-10-22 |
Family
ID=40897331
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/BR2009/000043 WO2009103136A2 (fr) | 2008-02-21 | 2009-02-19 | Method and equipment for indicating tampering of a card reading terminal |
Country Status (2)
Country | Link |
---|---|
BR (1) | BRPI0800254A2 (fr) |
WO (1) | WO2009103136A2 (fr) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2466505A1 (fr) | 2010-12-01 | 2012-06-20 | Nagravision S.A. | Method for authenticating a terminal |
US11062548B2 (en) | 2017-05-17 | 2021-07-13 | The Toronto-Dominion Bank | Card reader tampering detector |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH02165582A (ja) * | 1988-12-19 | 1990-06-26 | Nec Corp | Connector with connection check circuit |
FR2659770A1 (fr) * | 1990-03-14 | 1991-09-20 | Sextant Avionique | Device for detecting a fraudulent integrated circuit card. |
US6799274B1 (en) * | 2000-03-30 | 2004-09-28 | Western Digital Ventures, Inc. | Device comprising encryption circuitry enabled by comparing an operating spectral signature to an initial spectral signature |
JP2006109943A (ja) * | 2004-10-12 | 2006-04-27 | Kita Denshi Corp | Fraud detection circuit, gaming machine and game hall system |
WO2008034653A1 (fr) * | 2006-09-19 | 2008-03-27 | Siemens Aktiengesellschaft | Method and arrangement for detecting unauthorized manipulation of electrical equipment |
-
2008
- 2008-02-21 BR BRPI0800254 patent/BRPI0800254A2/pt not_active IP Right Cessation
-
2009
- 2009-02-19 WO PCT/BR2009/000043 patent/WO2009103136A2/fr active Application Filing
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2466505A1 (fr) | 2010-12-01 | 2012-06-20 | Nagravision S.A. | Method for authenticating a terminal |
US8683581B2 (en) | 2010-12-01 | 2014-03-25 | Nagravision S.A. | Method for authenticating a terminal |
US11062548B2 (en) | 2017-05-17 | 2021-07-13 | The Toronto-Dominion Bank | Card reader tampering detector |
Also Published As
Publication number | Publication date |
---|---|
BRPI0800254A2 (pt) | 2011-04-19 |
WO2009103136A3 (fr) | 2009-10-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7840493B2 (en) | Prepayment system for electric power meters using a contactless smart card with an automatic supply cut-off device | |
Scaife et al. | Fear the reaper: Characterization and fast detection of card skimmers | |
RU2428743C2 (ru) | Fiscal printer | |
US8522049B1 (en) | Secure processor for extreme outdoor temperature conditions | |
EP2506226A1 (fr) | Integrated circuit (IC) card payment system and method, and multi-application IC card and payment terminal | |
CN106355096A (zh) | Tamper detection | |
US9595848B2 (en) | Controlling power provided to an automated banking system | |
CN103794000A (zh) | Method for handling failure to read contactless IC card data and device implementing the method | |
US8985447B2 (en) | Secure payment card interface | |
US20220108591A1 (en) | ATM Frauds Detection by Machine Learning System: SentryWare and SentryManager | |
WO2009103136A2 (fr) | Method and equipment for indicating tampering of a card reading terminal | |
KR101230765B1 (ko) | Removable card bridge for storage card or memory card | |
US10360416B1 (en) | Card reader anti-theft devices and methods | |
US7202782B2 (en) | Method and apparatus for disabling an integrated circuit (IC) when an attempt is made to bypass security on the IC | |
EP1808830A1 (fr) | Fraud detection system for point-of-sale terminals | |
US20090064340A1 (en) | Apparatus and Method to Prevent the Illegal Reading of Smart Cards | |
EP2701091A1 (fr) | Module for controlling and monitoring security devices | |
CN107808463B (zh) | Device, method and computer-readable medium for providing power for conducting a transaction | |
WO2022064780A1 (fr) | Information processing device and automatic transaction device | |
GB2028555A (en) | Portable memory module | |
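JP2009070165A (ja) | PIN pad and payment terminal | |
KR20030083805A (ko) | Deferred-payment electronic money transaction system and method thereof | |
KR20040008747A (ko) | Electronic money collection and settlement device in an electronic money purchase terminal using a smart card, and method thereof | |
EP2824623A2 (fr) | Payment terminal integrating cash register functions | |
KR20100025312A (ko) | Automated teller machine |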
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 09711635 Country of ref document: EP Kind code of ref document: A2 |
|
NENP | Non-entry into the national phase in: |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 09711635 Country of ref document: EP Kind code of ref document: A2 |