Chip-and-pin - poor security; the evidence mounts

Hard on the heels of my comments on Friday about a leading law firm slapping down chip-and-pin's security inadequacies comes news that a European security expert also reckons that card security isn't as good now as it used to be - before chip-and-pin was phased in.

Mike Bond, UK security director for Cryptomathic, the Danish security firm, is quoted in the latest CardLine Europe magazine was saying that, before chip-and-PIN came in, cardholders only needed their PINs at the 50,000 to 60,000 or so ATMs across the UK.

The problem with EFTPOS usage of chip-and-pin, says Bond, is that there are hundreds of thousands of devices that require PIN entry and many of them are not as secure as ATMs.

Bond adds that, as well as opening cardholders up to the possibility of fraud by modification of the EFTPOS system - as happened with the recent Shell station fiasco - chip-and-pin may not be as resistant to fraud as its proponents have claimed.

"Maybe we've expected more from it than we can deliver, especially during this transition period," he said, diplomatically...