I thought I read about this thing a long time ago, maybe on Brian Krebs' blog (?) but I can't find it. It was in the context of ATMs but the idea seems the same.
All I can find at the moment, also on ATMs, is this from last year:
EDIT:
That paper is actually cited in this work. They don't discuss the novelty of their approach compared to this though. Just a bigger search space due to more keys?
I always heard you should type your PIN at the ATM, then touch all of the buttons a bunch to block this ability. That way they only see that all the buttons were touched, not your PIN. Especially important now that thermal cameras (crappy ones) are pretty cheap.
Two reasons: if the bank can convince the court that you withdrew the money you are stuck with the lass. Even if the bank does suck up the loss, you will be out your own money for several months while they investigate (they could be the police or the bank)
https://www.albany.edu/iasymposium/proceedings/2017/Study%20...
EDIT: That paper is actually cited in this work. They don't discuss the novelty of their approach compared to this though. Just a bigger search space due to more keys?