Chip and PIN Research Slammed...as "Alarmist" |
Industry analysts have defended the benefits
of chip and PIN payments security after computer scientists at the UK’s University of Cambridge announced they had discovered a flaw in the PIN verification feature of the EMV protocol.
Acccording to the scientists, a man-in-the-middle device can intercept and modify the communications between a payment card and the POS terminal, and then trick the terminal into believing that PIN verification has succeeded. In a draft paper entitled ‘Chip and PIN is Broken’, the scientists said: “A dummy PIN must be entered, but the attack allows any one to be accepted.”
The report added: “Attacks such as this could help explain the many cases in which a card has supposedly been used with the PIN, despite the customer being adamant that they have not divulged it.”
Gareth Wokes, chairman of The Logic Group, which manages information and transactions for businesses, described the Cambridge research as “alarmist”.
Why do we still type our numbers into boxes at web checkout? |
He added that fraudsters have since moved on to e-commerce fraud, where chip and PIN technology is irrelevant, Editor's Note: "irrelevant" ONLY because we still conduct online transactions as if we live in the stone ages, i.e. typing Primary Account Numbers into boxes at website merchant checkouts worldwide. which is why fraud figures have subsequently begun to increase.
Continue Reading at Lafferty