Protecting financial and/or sensitive information including payment card data, personal identification numbers (PINs) and personal identification information from fraud and theft is a problem for many companies. The Payment Card Industry (PCI) is addressing some of the issues by providing security guidelines for payment peripherals that include card readers, keyboards containing card readers, and PIN entry devices. The PCI guidelines set minimum requirements for payment peripherals that include the use of encrypted data and management of encryption keys.
In addition to payment peripherals, there are other types of peripherals that are used to input valuable and/or sensitive information. For example, an optical code scanner can be used to read a barcode on a personal identification document that has sensitive personal information encoded in the barcode. In another example, a radio frequency identification (RFID) reader can be used to read an RFID chip located in a personal identification document or credit card that has sensitive financial or personal information.
Many standards and guidelines exist that govern how to identify and establish initial communications with peripherals that process valuable and/or sensitive information. However, numerous types of security attacks currently exist that seek to overcome these standards and guidelines and gain access to the information. Some of these attacks attach components to the inside and outside of the peripherals or to the communication cables used by the peripherals. These components monitor communications or data being transferred within the peripheral to capture sensitive information. Some attacks add malicious computer instructions to the peripherals that collect sensitive information. In most cases, the different attacks are transparent to the peripherals and to the operation of the peripherals, making these types of attacks difficult to detect.