Researchers at Cambridge University have claimed in a new paper that chip and PIN systems are not as secure as once thought.The paper, entitled Chip and Pin is Broken (PDF), said that chip and PIN readers could be " fooled" into accepting transactions, despite not having the relevant PIN.The researchers explained that it is possible to launch a man-in-the-middle attack, effectively blinding the machine to the fraud and letting criminals exploit lost or stolen cards.Chip and PIN has often been described as a silver bullet for securing transactions, and has been credited with causing a drop in fraud levels. Just this week Home Office minister Alan Campbell said that the system had "reduced fraud on lost or stolen cards to an all time low".However, the Cambridge researchers claim to have demonstrated how a hacker could use a stolen card without knowing the PIN."Since verified by PIN - the essence of the system - does not work, we declare the chip and PIN system to be broken," the paper said.The risk does not apply to cash machines, but could be exploited on the majority of cards using offline systems, such as those found in shops which connect elsewhere to approve a transaction.The researchers added that it is during this verification process that the flaw could be exploited.
Copyright ©v3.co.uk
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @itnews.com.au to your white-listed senders.