Shell EFTPOS - so that's how they did it

Managed to find out this week how the Shell Oil EFTPOS scam - which reportedly generated more than a million quidlets for the fraudsters concerned - actually worked.

Despite Shell going very quiet, it seems that the fraudsters acquired a number of the EFTPOS units concerned and tried various methods of breaking into the devices physically and beating the units' tamper-proof self-destruct system.

If my contacts are to be believed, they discovered that, if the units were drilled into on one side at a specific point, the self-destruct mechanism did not trigger.

Using this approach allowed the EFTPOS units to be modified and then swapped for legit units out at the Shell stations concerned. From there it was a simple matter to extract card data for cloning.