A new type of digital fraud, perpetrated in the physical world rather than online, is causing considerable concern. A pirate POS, that is, a device apparently identical to the common card readers used by merchants and restaurateurs but manipulated to make unauthorized charges simply by being brought close to victims' pockets, was recently used in Sorrento by a 36-year-old woman of Peruvian origin who, posing as a tourist among passers-by, carried out a sort of pickpocketing 2.0. The operating mechanism of this scam is as simple as it is disturbing: the terminal, connected to a smartphone with a dedicated app, can trigger contactless payments without the user entering a PIN or authorizing the operation in any way. It is not yet clear how the POS is modified to withdraw money illegally: investigators are analyzing the offending device, together with what happened, to shed light on the matter.
How 9,000 euros were stolen through a POS: the hypotheses
Although the case seems isolated, the hypothesis raised by the Carabinieri, who speak of pickpocketing 2.0, is not to be underestimated. Bank cards equipped with NFC (Near Field Communication) technology allow quick contactless payments for small amounts. It is precisely this function that scammers could exploit by bringing a modified POS close to unsuspecting passers-by and simulating a transaction. The biggest doubt concerns the level of sophistication of the system: was it deeply altered by a computer expert, or does it work thanks to a simple unofficial app, installed on a smartphone, that allowed the device to be modified? This is not yet known.
The device in question was found in the bag of a woman stopped in Sorrento after a theft at an establishment in the center. According to investigators, the same person could be responsible for another episode in Rome, where a tourist was robbed of 9,000 euros. The exact operation of the pirate POS is not yet completely clear: it is not known, for example, whether the amount to be charged must be set manually or whether the terminal is somehow capable of carrying out automatic withdrawals.
Internationally, similar cases are rare. One of the few documented episodes comes from Canada, where a criminal gang had managed to have fake refunds paid out to itself using modified terminals. In that context, however, the victims were the operators. The case just discovered in Italy, if confirmed, would represent a sort of evolution of the scam in question.
How to defend yourself from the pirate POS scam
To protect yourself from any such scams, one useful piece of advice is to stop using physical cards and rely on payments via smartphone. Systems such as Google Wallet (on Android) or Apple Wallet (on iPhone) use advanced security protocols. According to the computer scientist Jacopo Jannone, the data transmitted by a smartphone to a POS during a transaction are not the real data of the card. The expert explained:
The data that the phone transmits to the POS are not those of the “physical” card. So even if the POS was hacked, the stolen data could not be used. Also, when you pay with the phone, the card PIN is not requested, which therefore cannot be intercepted.









