For the proof-of-concept hack, the researchers opened up one of the supposedly tamper-proof terminals, replaced its internal hardware with their own, put it back together without any external evidence of tampering and then got the machine to play Tetris.

"We demonstrated that with the new hardware, everything is under our control -- the card reader, the LCD display and the keypad," said Saar Drimer, one of the researchers involved in the demonstration.

Chip-and-PIN transactions are supposed to be far more secure than transactions using credit and debit cards based on traditional magnetic stripe technology and signature-based authentication. Chip-and-PIN transactions involve the use of credit and debit cards with embedded microchips that are authenticated using a personal identification number. Retailers in the U.K. began rolling out the technology in 2003.

The proof-of-concept hack showed how all components of the PIN pads used to authenticate such transactions could be made to interact and respond to input from one another, Drimer said in e-mailed comments late last week. "This means that the card reader can read information from the chip and display it on the screen. The data from the keypad, such as a PIN, can also be recorded," Drimer said.

Creating fake terminals is not all that difficult and doesn't require more than a "moderate" technical competency, Drimer said. "The environment in which such terminal would be placed will vary, but can be done potentially anywhere where strict mechanisms are not enforced to prevent it," he said.