DCSIMG

Computer experts find flaws in Chip and Pin

FRAUDSTERS are exploiting flaws in the Chip and Pin system to use stolen cards, researchers claimed last night.

The group from the University of Cambridge's Computer Laboratory found that criminals can insert a "wedge" between the stolen card and terminal, tricking it into believing the pin has been verified, when any pin can be used for the transaction to go through.

The card, meanwhile, thinks it was authorised by signature.

Dr Steven Murdoch said: "We have tested this attack against cards issued by most major UK banks. All have been found to be vulnerable."

The discovery is likely to place question marks over Chip and Pin design and security. Victims of this type of fraud may encounter problems obtaining refunds from their banks as the receipt produced states "Verified by Pin".

Professor Ross Anderson said: "Over the past five years, thousands of cardholders have had stolen Chip and Pin cards used by criminals.

"The banks often tell customers that their pin was used and so it's their fault. Yet we've shown that it's easy to use a card without knowing the pin – and the receipt will say the transaction was 'verified' by Pin'."

"This is not just a failure of bank technology, it's a failure of bank regulation. The ombudsman supported the banks and the regulators have refused to do anything. They were just too eager to believe the banks."

 
 
 

Back to the top of the page