back to article Carders cash out hundreds of millions before USA adopts EMV

A hacker group has stolen some 10 million credit cards, putting itself in a position to score US$400 million (£279 million, A$516 million) by infecting 2000 payment terminals with the Trinity point of sales malware. Security firm FireEye and subsidiaries iSIGHT Partners and Mandiant examined the "Fin6" group last year after it …

  1. Lusty

    The US still hasn't done Chip and Pin? I thought they rolled it out ages ago before ApplePay was launched!

    1. Pascal Monett Silver badge

      The USA has a long history of not implementing anything that comes from Europe.

      They laughed for ages at Europe's "monopoly money", ridiculing the colors and everything else. Now, of course, they have grudgingly followed suit because money is everything after all.

      Chip & Pin is the same thing. I went on holiday in the US in 2014. When I first tried to pay gas with my card I found that, although the pump would accept my European Visa, it had maxxed the PIN length at five digits. Most people I know only use 4, but I use 6 digits. Without any way to enter the 6th digit, I couldn't use my card. I have no idea if 4-digit PIN cards work either - does it force 5 ? Whose bright idea was it to put artificial limits on PIN length ?

      In any case, just like Microsoft's IE, the US has its own implementation of Chip&Pin.

      Then, of course, the eternal subject of going metric. I doubt that will ever happen - the US is much to used to imposing standards on everyone else and currently has the tendency of snubbing anything that comes from Europe. Like the Bill of Rights.

      1. SkippyBing

        Couldn't get my 4 digit pin to work in a gas pump as, like you discovered, it was insisting on a fifth digit I didn't have. I was actually shocked in March when I managed to pay for something in Target using my chip & pin card for the first time, it was like a little piece of America had joined the 21st Century.

        1. Anonymous Coward
          Anonymous Coward

          Couldn't get my 4 digit pin to work in a gas pump as, like you discovered, it was insisting on a fifth digit I didn't have.

          Sure it was aksing for PIN and not ZIP code? Gas pumps I've tried ask for a ZIP code, and to my considerable surprise my 5-digit French "code postal" (from the card's billing address) is usually accepted

          I was actually shocked in March when I managed to pay for something in Target using my chip & pin card for the first time,

          Yes, happened to me in Macy's. Machine asked for PIN, I throught "this never works', but it did! Amazing.

        2. Wade Burchette

          I have had a 9 digit PIN for several years. I only found one place that wouldn't accept that PIN. What I did is I practiced typing my PIN code on my home keyboard. (You have to remember that your keyboard's top row 7-8-9 but the card terminal's top row is 1-2-3.) I practiced the motions so that muscle memory would take over. Now I can cover the keypad completely and type the PIN code in while have my left hand covering the entire keypad.

        3. fishman

          "I was actually shocked in March when I managed to pay for something in Target using my chip & pin card for the first time"

          I got my C&P card about a year ago, and WalMart was the only retailer to require it at that time.

          The cars still have the magnetic strip on them, and are still vulnerable just like the old cards. The chip can't be cloned, so the cloned cards can only be used at stores that don't have the chip readers. And there are lots of them.

      2. Anonymous Coward
        Anonymous Coward

        Americans stone age banking rules.

        are to blame for a lot of the problems.

        Take $10000 cash over a certain state lines? Got to jail for 10-15 years.

        Try to use an out of state bank card? No sale in many cities.

        Not got a US Zip code (especially in NYC, a New York one) when buying GAS? No sale.

        etc

        etc

        etc

        As I travel to the USA a lot, I have a prepaid card in USD. Even that has issues in some places (Getting Gas on Long Island seems to be especially hard. even worse near Brighton Beach???) yet on the outer banks in North Carolina? or in the middle of Arizona? no problem.

        It is almost as if the rest of the world does not exist. Well it won't once President Trump builds his wall to keep us undesirables out...

        1. Blake St. Claire

          Re: Americans stone age banking rules.

          > Try to use an out of state bank card? No sale in many cities.

          This only happens to me when I forget to tell my Credit Union that I'm traveling. It's a security (mis)feature.

          My other bank seems less concerned and allows charges from anywhere in the world without advance notice.

          It has nothing to do with banking rules, stone age or otherwise.

    2. Version 1.0 Silver badge

      Most local terminals in my state now accept chip cards but still require a signature - the US card companies are not issuing pins yet. All put one of my cards have been replaced by chip cards in the last couple on months.

      1. Uncle Slacky Silver badge
        Thumb Down

        Chip & signature

        The worst of both worlds...

      2. Blake St. Claire

        Not true

        > the US card companies are not issuing pins yet.

        I received my replacement C&P card a couple weeks ago and promptly set the PIN after activating it.

        Last year I asked for C&P replacements for my Amex and corporate travel CC. For those the card issuer assigned the PIN and sent a separate mail with them.

    3. Mark 85

      The cards are rolling out but the stores, etc. are, shall we say "having issues". Apparently, according to them, even if they have the C&P readers, the software takes months to get it work right. I think it's all just BS on the stores part. Either they don't care, or they don't want to spend anymore than they have to.

  2. tony2heads
    WTF?

    FTP command line utility

    What, no encryption ?

  3. Anonymous Coward
    Anonymous Coward

    Something for the C&P naysayers to contemplate

    If the crims, who after all have their own money in the game, think that Chip & PIN will reduce the value of their stolen card details, then despite it's imperfections perhaps it has been worth implementing all along - as the rest of the world concluded long ago.

  4. JimmyPage Silver badge

    Chip & PIN - so last decade ...

    As Josh Widdecombes' routine about paying with contactless shows.

    "Where am I off to ? the future. See you there, captain chequebook ..."

  5. tepescovir

    Chip and pin was introduced over a decade ago, i'm surprised the american insurance companies never insisted on it earlîer? or did they think getting americans to remember 4 numbers to pay for stuff would be a problem?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like