
Chip-and-pin - no, it really isn't secure

Regular readers of this blog will recall my mini-rants about chip-and-pin and how I simply don't view it as being as secure as the chip-and-signature system for protecting credit and debit cards.

Well I'm not alone, as a report from Martin Geere of Philippsohn Crawfords Berwald, the well-known London-based law firm, which specialises in property and security matters, says there are a number of warnings as to the effectiveness of chip-and-pin in combating fraud.

According to the law firm, there are concerns that fraudsters can intercept chip-and-pin data as it is being transmitted to approve a purchase.

The law firm's press statement - which was issued earlier this week in response to the Shell station chip-and-pin fiasco - makes only passing reference to the insecurity of the data.

So I did some digging and discovered that the wireless PINPads in use in many bars and restaurants around the UK do not encrypt the chip and PIN data flowing to the base station.

This means that the card details, together with the PIN entered by the customer, are on open WiFi access. In theory, a hacker with a laptop enabled with WiFi facilities could eavesdrop on the data stream and clone a number of cards, together with their PIN, if they wanted to.

I think I'm going to be paying cash next time we go out for a bite to eat...