Chip-and-pin credit card flaw exposed
By UK CreditCards.com
Researchers uncovered flaws in chip and PIN technology that could enable fraudsters to use stolen credit cards without the correct PINs.
A team at the University of Cambridge discovered that criminals may be able to trick the chip and PIN terminal into thinking the user's pin has been correctly verified, even though a completely different four-digit number has been entered. This means that the transaction can go ahead, with the receipt stating the PIN has been approved.
Ross Anderson, professor of security engineering in the university's Computer Laboratory, commented: "Over the past five years, thousands of cardholders have had stolen chip and PIN cards used by criminals. The banks often tell customers that their PIN was used and so it's their fault.
"Yet we've shown that it's easy to use a card without knowing the PIN -- and the receipt will say the transaction was 'Verified by PIN' even though it wasn't."
The UK Cards Association has dismissed the claims, however, insisting that the method is too "complicated" to present a real threat.
A spokeswoman for the association observed: "It requires possession of a customer's card and unfortunately there are much simpler ways to commit fraud under these circumstances at much less risk to the criminal."
In a further attempt to reassure credit card holders, the spokeswoman revealed that the association will soon publish figures showing that card fraud has fallen to its lowest level for 20 years.
Published: 16 February 2010
- What's safer: your card details or your health details? – According to a study, more Brits trust their doctor than their card issuer. But is that mistrust unfounded? ...
- Section 75 and third parties: when you aren't protected – Section 75 may not apply if the relationship between the debtor, creditor and supplier is broken by a third party ...
- Industry responds to FCA's proposal on persistent credit card debt – Here's what industry experts have to say about the FCA's proposal to help credit card consumers in "consistent debt" ...