Tuesday, February 16, 2010

Chip and PIN Cambridge Research Slammed as "Alarmist"




Chip and PIN Research Slammed...as "Alarmist"
Chip and PIN research slammed as ‘alarmist’



Industry analysts have defended the benefits

of chip and PIN payments security after computer scientists at the UK’s University of Cambridge announced they had discovered a flaw in the PIN verification feature of the EMV protocol.




Acccording to the scientists, a man-in-the-middle device can intercept and modify the communications between a payment card and the POS terminal, and then trick the terminal into believing that PIN verification has succeeded. In a draft paper entitled ‘Chip and PIN is Broken’, the scientists said: “A dummy PIN must be entered, but the attack allows any one to be accepted.”



The report added: “Attacks such as this could help explain the many cases in which a card has supposedly been used with the PIN, despite the customer being adamant that they have not divulged it.”



Gareth Wokes, chairman of The Logic Group, which manages information and transactions for businesses, described the Cambridge research as “alarmist”.








Why do we still type our numbers into boxes at web checkout?
Wokes said: “To position this as an overall failure of chip and PIN is misleading and counter-productive to the industry’s efforts against fraud. Chip and PIN successfully addressed the issue that it was created to address: that the person making a transaction is who they say they are. As such, a year after chip and PIN was introduced, card fraud dropped by 48 percent.”



He added that fraudsters have since moved on to e-commerce fraud, where chip and PIN technology is irrelevant,
Editor's Note:  "irrelevant" ONLY because we still conduct online transactions as if we live in the stone ages, i.e. typing Primary Account Numbers into boxes at website merchant checkouts worldwide.  which is why fraud figures have subsequently begun to increase.










Continue Reading at Lafferty











Disqus for ePayment News