Ho trovato un articolo che afferma quanto segue:
According to MWR InfoSecurity, cybercriminals can use fake cards containing a software code to gain access not only to a customer's PIN and primary account numbers shown on the front of a plastic card, but also to the merchant's IT network. Sophisticated attackers may even be able to gain access to PIN pad terminals without the terminal owner being aware that their security systems have been breached.
This can be done very simply. For example, a customer in a restaurant can pretend to make their payment using a Trojan card which allows them to gain access to the payment terminal. All PIN numbers and other cardholder information that passes through the terminal from that point onwards are then captured by the fraudulent card user using existing communication channels (e.g. WiFi, Bluetooth or a mobile cellular network). Alternatively, these criminals can simply return and re-insert the smart card to collect the recorded data from the payment device.
Sto lottando per capire l'autenticità di questo. Qualcuno può far luce sulla possibilità (o plausibilità) di questo e su come un hacker potrebbe eseguire questo tipo di attacco? Non immagino che sia così banale come lo fanno sembrare.
Aggiornamento:
Penso che sia importante notare la seguente ricerca eseguita da Lucas Kauffman :