Chip-and-pin credit card flaw exposed
By UK CreditCards.com
Researchers uncovered flaws in chip and PIN technology that could enable fraudsters to use stolen credit cards without the correct PINs.
A team at the University of Cambridge discovered that criminals may be able to trick the chip and PIN terminal into thinking the user's pin has been correctly verified, even though a completely different four-digit number has been entered. This means that the transaction can go ahead, with the receipt stating the PIN has been approved.
Ross Anderson, professor of security engineering in the university's Computer Laboratory, commented: "Over the past five years, thousands of cardholders have had stolen chip and PIN cards used by criminals. The banks often tell customers that their PIN was used and so it's their fault.
"Yet we've shown that it's easy to use a card without knowing the PIN -- and the receipt will say the transaction was 'Verified by PIN' even though it wasn't."
The UK Cards Association has dismissed the claims, however, insisting that the method is too "complicated" to present a real threat.
A spokeswoman for the association observed: "It requires possession of a customer's card and unfortunately there are much simpler ways to commit fraud under these circumstances at much less risk to the criminal."
In a further attempt to reassure credit card holders, the spokeswoman revealed that the association will soon publish figures showing that card fraud has fallen to its lowest level for 20 years.
Published: 16 February 2010
- Equifax reveals millions affected in data breach – Millions of records were accessed and hundreds of thousands are at high risk after the Equifax data breach ...
- Equifax suffers major breach - are you affected? – A breach at Equifax exposed details of millions of US consumers - and some UK consumers. Here's what you need to know ...
- Your credit limit: use it or lose it – Thanks to new rules, you may find unused credit cards or credit limits taken away in the next few months ...