A research team at the University of Cambridge is claiming that Chip and PIN is broken.
A technical paper published by the University’s Computer Laboratory explains that the technology is flawed because when a plastic card enters a retailer’s terminal, an electronic “negotiation” takes place regarding whether a signature or PIN is required to authenticate the transaction.
According to the study, the system gives fraudsters an opportunity to trick the card into thinking it’s doing a chip-and-signature transaction, rather than chip-and-PIN.
The attack works regardless of the amount of money spent and may therefore lead to a bank refusing to pay out for purchases that have been “PIN Verified” but which a customer claims are fraudulent.
However, the method can’t be used for ATM withdrawals and once a card has been cancelled by the issuer, no attack of this nature can take place.
Keeping the full details secret, the Cambridge team refers to a “man in the middle” approach that involves a fraudster carrying a separate card reader in a back pack.
Source : http://www.bankingtimes.co.uk/15022010-chip-and-pin-technology-seriously-flawed/
A technical paper published by the University’s Computer Laboratory explains that the technology is flawed because when a plastic card enters a retailer’s terminal, an electronic “negotiation” takes place regarding whether a signature or PIN is required to authenticate the transaction.
According to the study, the system gives fraudsters an opportunity to trick the card into thinking it’s doing a chip-and-signature transaction, rather than chip-and-PIN.
The attack works regardless of the amount of money spent and may therefore lead to a bank refusing to pay out for purchases that have been “PIN Verified” but which a customer claims are fraudulent.
However, the method can’t be used for ATM withdrawals and once a card has been cancelled by the issuer, no attack of this nature can take place.
Keeping the full details secret, the Cambridge team refers to a “man in the middle” approach that involves a fraudster carrying a separate card reader in a back pack.
Source : http://www.bankingtimes.co.uk/15022010-chip-and-pin-technology-seriously-flawed/
No comments:
Post a Comment