I bet the CCA design "hole" will be closed, post haste. Not knowing the exact implementation, I wonder if a recall is needed or simply a firmware upgrade. Until then, physical security of the crypto card is all that's left.

Back in the 80s, I was a developer on the IBM 4700 systems. These systems, with a link to big iron, were used to control bank branch teller terminals, administrative terminals, and, at some banks, ATMs. During a "migration" from 16-bit to 32-bit processors, I, "in my spare time", re-implemented the DES functions. The processor clock was 30% faster, but by changing the software design, I got almost 7 times the performance for encrypting/decrypting long messages. Transactions are typically short messages. The hardest part was thorough testing, because the code was committed to silicon and it was $40K to re-release the ROM part. Yep, silicon being a metal, this was coding on bare metal, and I managed to do it right the first time.

Anyway, if you used IBM ATMs in the 80s, and your bank used a 4700 system to control them, you tickled my code. Teller transactions may or may not have used crypto functions. Banks wrote these applications, so crypto was an available option.