A new Bluetooth overlay skimmer block chip-based transactions

Experts discovered a new Bluetooth overlay skimmer that interferes with the ability of the terminal to read chip-based cards, forcing the use of the stripe.

The popular investigator Brian Krebs reported the discovery of a new Bluetooth overlay skimmer that interfered with the terminal’s ability to read chip-based cards, forcing the use of the magnetic stripe. The device was found in an unnamed retail chain in the United States.

The payment card skimmer included a PIN pad overlay and was able to physically block chip-based transactions.

The PIN pad overlay was designed to capture, store and transmit via Bluetooth payment card data stolen on the stripe along with the PIN provided by the clients on the terminal.

“The hidden magnetic stripe reader is in the bottom left, just below the Bluetooth circuit board. A PIN pad overlay (center) intercepts any PINs entered by customers; the cell phone battery (right) powers all of the components.” wrote Brian Krebs on Krebsonsecurity.com.

Chip-based payment cards are more difficult to clone, for this reason, crooks forced the use of the magnetic stripe present on the card for backward compatibility. The recently discovered overlay skimmer included a physical component that blocks chip-based transactions on the terminal, forcing the customer to swipe the stripe.

Krebs explained that the overlay skimmer was undetected for several weeks.

Krebs pointed out that once obtained the payment card data and the PIN, cybercriminals can clone the card and use them to withdraw money at an ATM.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Pierluigi Paganini

(SecurityAffairs – hacking, Skimmer)

The post A new Bluetooth overlay skimmer block chip-based transactions appeared first on Security Affairs.