Chip and PIN hack a bit complicated

The organisation representing credit and debit card providers was quick to tell customers to keep on using their cards, despite evidence that the Chip and PIN security system is highly vulnerable.

The UK Cards Association dismissed the threat, which it considers to be theoretical, and said in a statement that the method "requires possession of a customer's card and unfortunately there are much simpler ways to commit fraud under these circumstances at much less risk to the criminal. This fraud is also detectable by the industry's systems."

The weakness is found in the so-called EMV (Eurocard, Mastercard and Visa) protocol, and the attack was carried out using a card reader, a first-generation Asus EEE PC 701 netbook, a specially designed FCPGA board and a Chip and PIN device.

The "man in the middle attack" essentially tricks the terminal into thinking that the correct PIN has been entered, while the card is fooled into thinking that the transaction was authorised with a signature.

Worryingly, the receipt printed out will carry the words "verified by PIN" which means that the financial institution (the bank or card issuer) will say that the transaction was a valid one.