
Experts reveal chip and pin fraud danger

A team of computer researchers said they had uncovered flaws in the Chip and Pin system which are being exploited by fraudsters to use stolen cards.

The group from the University of Cambridge's Computer Laboratory found that criminals can insert a "wedge" between the stolen card and the terminal, tricking the terminal into believing the pin was correctly verified, when in fact the transaction will go through with any pin. The card, meanwhile, thinks the transaction was authorised by signature.

Dr Steven Murdoch said: "We have tested this attack against cards issued by most major UK banks. All have been found to be vulnerable."

The discovery is likely to place some question marks over the existing Chip and Pin design and its security.

Victims of this type of fraud may encounter problems obtaining refunds from their banks as the receipt produced states "Verified by Pin".

Professor Ross Anderson said: "Over the past five years, thousands of cardholders have had stolen Chip and Pin cards used by criminals. The banks often tell customers that their pin was used and so it's their fault.

"Yet we've shown that it's easy to use a card without knowing the pin - and the receipt will say the transaction was 'Verified by Pin' even though it wasn't.

"This is not just a failure of bank technology. It's a failure of bank regulation. The ombudsman supported the banks and the regulators have refused to do anything. They were just too eager to believe the banks."

 
 
 
