Site Map
:: Bitwise Courses ::
Bitwise Dusty Archives



ruby in steel

learn aikido in north devon

Learn Aikido in North Devon


Section :: Rants and Raves

- Format For Printing...

Chip and Pin Secure? Think again!

Time to go back to cash maybe?
Thursday 11 February 2010.

I have to say I’ve never been enthused by ’chip and pin’ credit card verification. Maybe this has something to do with the fact that, shortly after my bank introduced this technology a few years ago, several thousand pounds mysteriously vanished from my bank account.

That money went via a telephone booking for a hotel in America (I was in Britain at the time) to a name not associated with my card and with no address being on record! So much for chip and pin. It simply doesn’t work over the phone.

But if you make a purchase ’face to face’, as it were, chip and pin must be secure, mustn’t it? The chip in your card is unique and your ’pin’ verification number is known only to you so what could go wrong?

Quite a lot, it seems. Researchers at my old University have come up with a simple machine that fools chip and pin readers into accepting any verification number you care to dream up. But maybe the devices needed to fool the cards are super difficult to make and require teams of propeller-headed boffins and huge stacks of money? Nope - alas not. According to Dr Steven Murdoch, one of the Cambridge team, "Even small scale criminal systems have better equipment than what we have. The amount of technical sophistication needed to carry out this attack is really quite low."

For more information, see the BBC web site.

AddThis Social Bookmark Button


  • Chip and Pin Secure? Think again!
    12 February 2010, by Michael J. Welch, Ph.D.

    I had money taken from my account (in America) to pay bills in Britain. What I find absurd is that nobody checked any of the verification data, card owner, address, pin, etc.

    It was very possibly just a data entry error, but if the card holder’s name doesn’t match the name of the person presenting the card, why wouldn’t that raise a red flag to someone in the processing chain?

    What then, is all this talk about security? There is no security, and you can’t live without credit/debit cards anymore.

    Until the card issuing agencies require reasonable verification, thieves will find credit card fraud an easy gig. You would think the card issuers would be more interested in stopping theft because they usually get stuck with the loss (at least in the US).

  • Chip and Pin Secure? Think again!
    11 February 2010, by Steven Burn

    Long time no speak Huw :o)

    Chip and Pin hasn’t been secure for yonks. Primarily because the data can be sniffed wirelessly, and staff have been caught skimming/copying/etc, the cards.

    • Chip and Pin Secure? Think again!
      11 February 2010, by Huw Collingbourne

      I must admit I don’t really believe money is money unless it makes a scrunching sound (jangling being an acceptable alternative) in my hand. Then again, I wouldn’t want to discourage the inward flow of money in whatever form it takes. It is just the outward flow I worry about.