An anonymous reader writes: Now-infamous University of Cambridge security researchers Ross Anderson, Saar Drimer, and Steven Murdoch, who last year showed us Tetris on a payment terminal, have now shown how a paperclip can be used to bypass the UK banks' snake-oil "tamper-resistance" in their paper at the IEEE Security and Privacy conference. Why does this matter? Because the banks were sticking their customers with the bills when cloned cards were used, since the system was supposed to be invulnerable. Despite the banks' claims, the devices weren't even certified! The BBC featured the attack on the news last night. Hopefully this will lead to thousands of customers getting their money back.