10:22 AM
Connect Directly

Cambridge Scientists Demonstrate Vulnerability of Chip Cards

Small device can trick terminals into authorizing card transactions without an accurate personal identification number.

Computer scientists in the U.K. have found a way to trick point-of-sale terminals into accepting virtually any made-up PIN to authorize a transaction made with a chip card. This is one more discouragement to the U.S. card industry, which has been slow to adopt chip cards for cost reasons.

A BBC Newsnight segment on the Cambridge work will air tonight at 10:30 but can be viewed here. The team have also authored a technical paper, "Chip and PIN is Broken."

According to the researchers, fraudsters can easily insert a "wedge" between the stolen card and terminal, which tricks the terminal into believing that the PIN was correctly verified. In fact, the fraudster can enter any PIN, and the transaction will be accepted. They have tested this attack against cards issued by most major U.K. banks and it has worked every time.

The researchers also say that victims of such attacks may have a difficult time being refunded by their bank. The receipt produced will state "Verified by PIN," and bank records will show that the correct PIN was used. Banks may then argue that the customer must have been negligent and had allowed the criminal to know their PIN. Such attacks do not require technical sophistication and can be carried out with equipment that can be easily hidden in a backpack, the academics say.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Bank Systems & Technology Newsletters
White Papers
Current Issue
Bank Systems & Technology
BS&T's 2014 Elite 8 executives are leading their banks to success, whether it involves leveraging the cloud, modernizing core systems, or transforming into digital enterprises.
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.