Skip to main content

Chip and SPIN revealed

Hard on the heels of my comments yesterday about how the new Chip and PIN system for card purchases isn't as secure you might think, it appears that a new Web site called Chip and SPIN (opens in new tab) has gone into the fraud issues to some depth.

Along with the many security issues highlighted in the Web site, is the issue of middleperson attacks. These are where the wireless terminal you pop your card in and tap in your PIN has been tampered with, and relays all the relevant data to a secondary base station.

Since the normal criteria for a valid transaction are satisfied - namely, the card is present in the wireless reader, and the cardholder has typed in their PIN correctly, any old cobblers can be authorised using the secondary base station.

Of course, such middleperson frauds require a high degree of complicity and technical jiggery-pokery on the part of the fraudsters, but the pickings can be rich.

My general conclusions about Chip and PIN are such that I think you need your head examining if you use a debit card at the point of sale.

If you use a credit card instead, it's the bank's money, not yours, at stake. The bank simply sends you a bill.

If your debit card is compromised, you're knackered, as it's your money in your bank account that gets sucked dry.

No amount of gladmouthing by the card issuers can get around this fact. Myself, I've started paying cash for many of my sub-£30 purchases. It's a pain, but it's my munney...