It's taken the mainstream press long enough to realise, but the Chip & sPIN card payment system may be fatally flawed.
According to reports in the media, using 30 quid's worth of electronic goodies that you buy from Maplins and about 10 minutes of tinkering, it's possible to tamper with a Chip & sPIN terminal to record all the data entered via the keypad, the smart card interface and/or the mag stripe reader.
In short, all you need to go on a spending spree - on someone else's tab, of course...
The vulnerability is claimed to have been caused by manufacturers' failure to build appropriate encryption technology into the devices, known as PIN-entry devices (PEDs), which meant that information passed between the card and the device unprotected.
Incredibly, APACS says that it doesn't deny that this type of fraud is achievable, but that there are much easier ways of carrying out the same type of fraud, including skimming cards and capturing the PIN using a pin-hole camera - "and that's what we're focused on," an APACS spokeswoman said.
So there you have it folks. APACS knows full well that this kind of fraud is possible, but it's concentrating on other areas of fraud.
Banking terms and conditions anyone?...