I have come across an article which states the following:

According to MWR InfoSecurity, cybercriminals can use fake cards containing a software code to gain access not only to a customer's PIN and primary account numbers shown on the front of a plastic card, but also to the merchant's IT network. Sophisticated attackers may even be able to gain access to PIN pad terminals without the terminal owner being aware that their security systems have been breached.

This can be done very simply. For example, a customer in a restaurant can pretend to make their payment using a Trojan card which allows them to gain access to the payment terminal. All PIN numbers and other cardholder information that passes through the terminal from that point onwards are then captured by the fraudulent card user using existing communication channels (e.g. WiFi, Bluetooth or a mobile cellular network). Alternatively, these criminals can simply return and re-insert the smart card to collect the recorded data from the payment device.

I am struggling to understand the authenticity of this. Can anybody shed some light on the possibility (or plausibility) of this as well as how a hacker would go about performing this type of attack? I don't imagine this is quite as trivial as they make it sound.

Update:

I think it's important to note the following research performed by Lucas Kauffman:

http://security.blogoverflow.com/2012/08/exploiting-atms-a-quick-overview-of-recent-hacks/

Kyle Rosendo
  • It doesn't sound trivial, but that doesn't make it impossible though. I'm just curious how this would work. – Lucas Kauffman Jul 21 '12 at 19:41
  • Does it mean that, by using the key on the card and the key on the intercepted connection, one can make the POS device execute the code? Is this correct? Is it like inserting a smart card with a self-signed cert and requesting a pirate URL with the same cert, and then, while being authorized, the code is run? – Andrew Smith Jul 22 '12 at 17:35

1 Answer

The backdoor that you are describing can be installed if you have code execution on the ATM. This research, as well as methods of obtaining code execution on an ATM, were pioneered by Barnaby Jack and are detailed in his BlackHat (and defcon) 2010 Jackpotting ATMs talk.

rook