Chip-and-PIN credit card flaw exposed
By UK CreditCards.com
Researchers uncovered flaws in chip and PIN technology that could enable fraudsters to use stolen credit cards without the correct PINs.
A team at the University of Cambridge discovered that criminals may be able to trick the chip and PIN terminal into thinking the user's PIN has been correctly verified, even though a completely different four-digit number has been entered. This means that the transaction can go ahead, with the receipt stating the PIN has been approved.
Ross Anderson, professor of security engineering in the university's Computer Laboratory, commented: "Over the past five years, thousands of cardholders have had stolen chip and PIN cards used by criminals. The banks often tell customers that their PIN was used and so it's their fault.
"Yet we've shown that it's easy to use a card without knowing the PIN -- and the receipt will say the transaction was 'Verified by PIN' even though it wasn't."
The UK Cards Association has dismissed the claims, however, insisting that the method is too "complicated" to present a real threat.
A spokeswoman for the association observed: "It requires possession of a customer's card and unfortunately there are much simpler ways to commit fraud under these circumstances at much less risk to the criminal."
In a further attempt to reassure credit card holders, the spokeswoman revealed that the association will soon publish figures showing that card fraud has fallen to its lowest level for 20 years.
Published: 16 February 2010