Softpedia is carrying a story about Thomas Beeckmann, 26, pleading guilty to his involvement in an intricate operation in which PIN Entry Devices (PEDs) were altered seamlessly to record and transmit data from the cards that passed through them. The Point Of Sale devices were stolen from shops all around Europe, and brought to the UK where Beeckmann rigged them up to steal data. He would add a circuit board inside each one, containing a small amount of memory to store information. The PEDs were then reintroduced to the shops.
The crooks involved in this scam didn’t even have to physically remove the freshly planted devices in order to retrieve the target data. Everything was transmitted through a Bluetooth component to a gang member that would only have to be near the apparatus for a short period of time. The data was retrieved and used to create clone cards for use at other shops and online.
These POS scanners would look and behave just like normal devices. Transactions processed on them would simply flow through them. There would be no way for a typical customer to tell the difference. My question is, why would a shop owner return these stolen devices to service after their disappearance and re-appearance? Something does not sound completely right here. There has got to be more to the story, complicity, complacency, or stupidity?