The Register is reporting on a new study by Cambridge security researchers showing that card readers for online banking are inherently insecure.
Researchers Saar Drimer, Steven J Murdoch and Ross Anderson found a number of serious security shortcomings after reverse engineering the protocol, called the Chip Authentication Programme (CAP), that underpins hand-held card readers. The readers are typically used alongside customers' debit cards to generate one-time codes for online banking login and transaction authentication.
Here’s the full research paper (.pdf)