Chip-and-pin credit card flaw exposed
By UK CreditCards.com
Researchers uncovered flaws in chip and PIN technology that could enable fraudsters to use stolen credit cards without the correct PINs.
A team at the University of Cambridge discovered that criminals may be able to trick the chip and PIN terminal into thinking the user's pin has been correctly verified, even though a completely different four-digit number has been entered. This means that the transaction can go ahead, with the receipt stating the PIN has been approved.
Ross Anderson, professor of security engineering in the university's Computer Laboratory, commented: "Over the past five years, thousands of cardholders have had stolen chip and PIN cards used by criminals. The banks often tell customers that their PIN was used and so it's their fault.
"Yet we've shown that it's easy to use a card without knowing the PIN -- and the receipt will say the transaction was 'Verified by PIN' even though it wasn't."
The UK Cards Association has dismissed the claims, however, insisting that the method is too "complicated" to present a real threat.
A spokeswoman for the association observed: "It requires possession of a customer's card and unfortunately there are much simpler ways to commit fraud under these circumstances at much less risk to the criminal."
In a further attempt to reassure credit card holders, the spokeswoman revealed that the association will soon publish figures showing that card fraud has fallen to its lowest level for 20 years.
Published: 16 February 2010
- Industry responds to FCA's proposal on persistent credit card debt – Here's what industry experts have to say about the FCA's proposal to help credit card consumers in "consistent debt" ...
- Open banking FAQs answered – What is the new "open banking" initiative, how will it work and how will it benefit you? ...
- FAQs on FCA proposal for helping consumers with persistent credit card debt – The FCA is suggesting new rules for credit card companies to help those with "persistent debt". Here's what you need to know ...