You might not be able skim card details, but you could probably get the terminal to issue unexpected transactions.
The most interesting transaction would be a very large refund. I’ve seen organised crime groups target restaurants in the past to issue themselves £1k+ refunds. They pretend to pay for meal, and while they have the EMV terminal in their hand, they cancel the original transaction, put the device into management mode (using default passwords) and issue themselves a nice large refund.
It’s a complete pain in the arse for the banks receiving these refunds to catch and deal with properly. It’s surprisingly hard to return the money to the restaurant.
That’s pretty funny. Not that the restaurants deserve to be stolen from, but using the default password on an EMV is about as foolish as a restaurant leaving their registers open. I’m surprised the terminals don’t force you to at least set your own passcode.
The most interesting transaction would be a very large refund. I’ve seen organised crime groups target restaurants in the past to issue themselves £1k+ refunds. They pretend to pay for meal, and while they have the EMV terminal in their hand, they cancel the original transaction, put the device into management mode (using default passwords) and issue themselves a nice large refund.
It’s a complete pain in the arse for the banks receiving these refunds to catch and deal with properly. It’s surprisingly hard to return the money to the restaurant.