British Airways beefs up card transaction security

I was highly intrigued to hear that British Airways has implemented Chip&Pin on board all its flights, claiming it is first UK airline to achieve `end-to-end' Chip&Pin accreditation.

Despite what you're thinking, the EFTPOS terminals on board the aircraft do not establish an air-to-ground link to verify the PIN - from what I've discovered, the terminals merely compare the PIN entered by the customer with the issued PIN stored on the card chip.

I must confess that I was labouring under the impression, like many people, that the PIN is only held on the bank network computers.

In fact, a highly encrypted `compare-only' version of the PIN is held deep in the heart of the card chip, which will only give a yea/nay response when a PIN comparison data string is pumped in.

Even so, to store a version of the PIN on the card - in whatever format - really does undermine the security of the Chip&Pin system.

You mean, more than it is already? -Ed

The terminals being used by British Airways are Clue Trader's SkyPort Plus, which apparently is capable of storing the daily country hotlist of missing cards known to be in fraudulent usage.

British Airways claims that the terminals have helped to reduce on-board fraud substantially.

I appreciate that, but I wonder how long it will be before one of these terminals goes missing...?