Chip And Pin Card System Flawed According To Cambridge Researchers

Experts at the Cambridge University have reported a massive flaw in the Chip and Pin debit card system that can trigger a series of fraudulent transactions if not fixed on time, as according to them, the trick to do so is relatively simple.

The researchers at Cambridge have been testing the Chip and Pin system for a long time now and have successfully discovered many flaws in the system over the years. However, this time, they claim that this is the biggest flaw uncovered in payment systems in recent times.

They have come up with a way to trick the system into thinking the correct pin number has been entered by exploiting the way the remote reader talks to the main shop terminal.

They claimed that they conducted an attack on the system, which tricked the card reader into authenticating the transaction even though the valid PIN number was not entered.

Explaining the nature of the flaw in the card reader system, Saar Drimer, a member of the Cambridge research team that discovered the said flaw, said that “Essentially what it does is to exploit a flaw in the chip and pin system. It makes the terminal think the correct pin has been entered, and the card think the transaction was authorised with a signature.”

Our Comments

Does that mean the end of the Chip and Pin altogether? Certainly not. However, expect the banks and other financial authorities to scramble to close the vulnerability. Lastly, and that's an interesting point, the card (or a copy of it) must be physically present, it seems, for the trick to work.

Related Links

Chip and pin card readers fundamentally flawed


Alarm over chip & pin card scam


Chip and PIN is broken, say researchers

(ZD Net)

Chip and pin fraud danger revealed

(Google News)