FedEx Kinko's ExpressPay card (and others?) hacked

Earlier this week, information security company Secure Science released a video of a hack that would defeat FedEx Kinko's ExpressPay card's limited security. As with all traumatic events, FedEx first issued a denial, but have recently come to accept the situation, albeit with the position that the hack
"does not pose a significant risk" to consumers. Yeah, it wouldn't 'cause the hack allows you to load, say $1 onto your ExpressPay card at a kiosk and then bump it to oh, say $100 using an off-the-shelf card reader connected to your PC. See, the payment cards are protected by a simple, unencrypted security code. While sniffing the code from the FedEx Kinko's terminal as it writes data to the card is no easy task (think soldering iron and logic analyser), the code is the same for all cards so it's (now) only a matter of time until that 3-bytes of black magic ends up on the ol'
Internet, eh? Thing is, the FedEx Kinko's system is developed by enTrac Tech and also deployed in hotels and other locations across the country. We think you can see where this is heading — hacker road trip!

[Via Hack A Day]