All the latest UK technology news, reviews and analysis
|
|
|
08 Jan 2007
The Association for Payment Clearing Services (Apacs) has responded to claims of a vulnerability in the supposedly watertight chip and Pin system.
Researchers at Cambridge University claimed last week that a flaw in the system could lead to consumers being duped by fake machines.
Steven Murdoch and Saar Drimer said that most discussions over the security of chip and Pin have focused on the tamper-resistance of terminals.
But this only ensures that the terminal will no longer be able to communicate with the bank once it has been opened.
This does not prevent anyone replacing most of the terminal's hardware and presenting it to customers as legitimate, so freely collecting card details and Pins.
The researchers took the chassis of a genuine terminal and replaced much of the internal electronics, taking control of the screen, keypad and card-reader.
To demonstrate the technique they uploaded a video of the terminal playing Tetris to YouTube.
Apacs, the payments organisation representing high street banks, said: " People could, in theory, use this to steal account details from cards. Our experts are in discussion with the manufacturers of terminals to see what can be done.
"However, we would say that this has only been seen in a laboratory so far. People would not be able to create counterfeit chip and Pin cards, but they could use this information abroad to make purchases."
Latest stories from Web
Related videos
Related articles
Related jobs
Poll
What will be the biggest change to corporate technology in the future?
TFL director of Games transport Mark Evers discusses how the public transport network is preparing for this summer's event
Connect with V3.co.uk
The wrong printers, for the wrong tasks on the wrong contracts
Who leads the BI pack and who should we be watching out for?
PHP developer - CSS, HTML, Javascript, MySQL, Linux...
Senior BPM Developer (Java, J2EE, Agile, Spring, Struts...
As a Business Analyst you will play a key role in understanding...
C#/ASP.NET Team - Gloucester - My client has an urgent...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
universal Id system
George you are right that banks should realise that their Chip and PIN system is not a good system to combat fraud. Recently I was made aware if universal ID KEY system on website www.xwave.co.uk . After giving a thought I agree with the inventor of this unique system that unless this system is implemented it is virtually impossible to combat fraud crimes. I will appreciate if someone could let me know why ID KEY will not solve this unsolved problem of deterring fraud crimes.
Posted by: jack 23 May 2007
Chip and PIN does not deter all fraud and hence is not good enough
I believe that banks should not rely on Chip and PIN system to combat fraud because this system is not good enough to deter identity fraud, card not present fraud, ATM fraud etc. Card fraud at petrol stations shows that rather than deterring Chip and PIN system is benefiting fraudsters. I hope banks find a system better than this to combat fraud which will otherwise continue to grow.
Posted by: George 16 May 2007