Apacs responds to chip and Pin scare

Powered by SC Magazine
 

Banking association investigates warning that consumers could be duped.

The Association for Payment Clearing Services (Apacs) has responded to claims of a vulnerability in the supposedly watertight chip and Pin system.

Researchers at Cambridge University claimed last week that a flaw in the system could lead to consumers being duped by fake machines.

Steven Murdoch and Saar Drimer said that most discussions over the security of chip and Pin have focused on the tamper-resistance of terminals.

But this only ensures that the terminal will no longer be able to communicate with the bank once it has been opened.

This does not prevent anyone from replacing most of the terminal's hardware and presenting it to customers as legitimate, and so freely collecting card details and Pins.

The researchers took the chassis of a genuine terminal and replaced much of the internal electronics, taking control of the screen, keypad and card-reader.

To demonstrate the technique they uploaded a video of the terminal playing Tetris to YouTube.

Apacs, the payments organisation representing high street banks, said: "People could, in theory, use this to steal account details from cards. Our experts are in discussion with the manufacturers of terminals to see what can be done.

"However, we would say that this has only been seen in a laboratory so far. People would not be able to create counterfeit chip and Pin cards, but they could use this information abroad to make purchases."

Copyright ©v3.co.uk


 
 
 