The mobile point of sale (MPOS) devices can be easily hacked, leaving global banks, retailers and customers exposed to serious frauds, according to global information security firm MWR InfoSecurity.
The announcement came after the firm’s research arm MWR Labs demonstrated that it is easily possible to compromise MPOS terminals with multiple attacking techniques using micro USBs, Bluetooth and a malicious programmable smart card.
The findings were part of MWR’s ongoing research programme into secure payment technologies.
MWR InfoSecurity research head, Jon, said what they have found reveals that criminals can compromise the MPOS payment terminal and get full control over it.
"This would allow an attacker to gather PIN and credit card data, and event change the software on the device so that it accepts illegitimate payments.
"This shows that card holders paying at MPOS terminals worldwide are potentially at risk. Banks and retailers should also be wary when implementing this technology as it could leave them open to serious fraud," Jon added.
The findings can be used by companies to understand how they may be vulnerable to fraud and attack by criminals and subsequently take precautionary measures, MWR said.